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Sears  Plans  to  Outsource 
Part  of  IT  Infrastructure 


Other  major  initiatives  focus  on  point-of-sale 
systems  and  merchandising  applications 


BY  CAROL  SLIWA 

NEW  YORK 

Sears,  Roebuck  and  Co.  in 
March  plans  to  strike  a  deal  to 
outsource  a  substan¬ 
tial  portion  of  the 
technical  infrastruc¬ 
ture  that  its  IT  de¬ 
partment  currently 
maintains. 

The  outsourcing  decision  is 
one  of  several  key  IT  deals 
that  the  retailer  plans  to  final¬ 
ize  early  this  year  to  help  re¬ 


duce  costs,  improve  margins 
and  drive  up  sales,  CIO  Gary 
Kelly  disclosed  at  the  National 
Retail  Federation  conference 
here  last  week. 

Outsourcing  a  big 
chunk  of  the  IT  infra¬ 
structure  —  a  deci¬ 
sion  that  Kelly  ac¬ 
knowledged  is  “huge” 
—  will  have  an  impact  not 
only  on  technology  but  also  on 
the  Sears  IT  personnel  who 
support  it.  Kelly  said  about 


270  of  the  company’s  1,160  IT 
staffers  currently  manage  the 
systems  that  the  company 
plans  to  outsource. 

“We  don’t  know  how  many 
of  them  will  remain  with 
Sears,  how  many  will  work 
with  the  new  company.  That’s 
yet  to  be  determined,”  Kelly 
said.  “Usually,  the  company 
that  acquires  the  contract  to 
own  and  operate  the  infra¬ 
structure  hires  some  portion 
of  the  people  that  do  the  work 
for  the  customer.” 

That’s  what  happened  at 

Sears,  page  14 


Soars’  CEO  sings  the 
praises  of  offshore 
outsourcing. 

©  QuickLink  44157 


Big  Vendors  Lead  Leap  to  Linux 


Users  wary  as  IBM, 
Novell,  Sun  pursue 
use  of  OS  on  desktops 

BY  PATRICK  THIBODEAU 

Miami-Dade  County’s  govern¬ 
ment  operations  have  around 
15,000  users,  and  the  county’s 
IT  officials  would  love  noth¬ 
ing  more  than  to  cut  licensing 
costs  by  adopting  a  Linux 
desktop  strategy. 

“We’re  all  looking  for  some¬ 
thing  that  will  work  as  well  [as 
Windows]  but  doesn’t  cost  as 
much,”  said  Gary  Gray,  the 
Florida  county’s  systems  sup¬ 
port  manager.  But  Miami- 
Dade  isn’t  ready  to  risk  inter¬ 
operability  and  productivity 
limitations  by  taking  the  desk¬ 
top  Linux  leap.  “We’re  going 
to  let  the  big  people  try  this 
out  first,”  he  said. 

Some  of  the  “big  people” 
Gray  will  be  watching  are  IBM 
and  Novell  Inc.,  which  have 
acknowledged  plans  to  adopt 


Linux  on  the  desktop  internal¬ 
ly,  and  Sun  Microsystems  Inc., 
which  has  already  done  so. 

IBM  has  confirmed  the  au¬ 
thenticity  of  a  recently  leaked 
memo  written  by  CIO  Bob 
Greenberg  detailing  interest  in 
moving  IBM’s  workforce  to 
Linux-based  desktops  by  the 
end  of  next  year. 

And  Novell  plans  to  move 

Linux,  page  16 


Merrill  Eyes 
Virtual  SANs 

IT  managers  seek 
more  control  of  data 

BY  LUCAS  MEARIAN 

IT  managers  at  Merrill  Lynch 
&  Co.  are  weighing  a  multi- 
million-dollar  project  to  de¬ 
ploy  intelligent  switches  that 
could  virtualize  the  broker¬ 
age’s  storage-area  networks 


•  BEYOND  LINUX:  IBM’s  desktop 
strategy  focuses  on  portals. 

Page  16 


s  LINUXWORLD  PREVIEW:  Users 
&-e  looking  lor  new  ways  to  lever¬ 
age  the  open-source  operating  sys- 
tem.Page16 

■  OUR  TAKE:  Linux  will  be  the  liveli¬ 
est  technology  space  to  watch  in 
2004,  says  Maryfran  Johnson. 

Page  22 


and  give  its  technology 
staffers  central  control  of  the 
data  stored  on  the  SANs. 

Having  completed  the 
buildout  of  a  second  major 
data  center  last  June,  Merrill 
Lynch  is  now  in  the  planning 
stages  of  the  storage-consoli¬ 
dation  move,  said  Mike  My- 
rick,  director  of  managed  stor¬ 
age  at  the  New  York-based 
company.  The  project  still 
needs  to  be  approved  by  cor¬ 
porate  executives,  he  added. 

Merrill  Lynch,  page  57 
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Data  Ready  To  Go 

Sybase  Data  Management  solutions 
deliver  the  data  agility  that  makes 
field  force  automation  possible.  Real 
results.  Real  ROI.  Real  fast. 
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Discover  how  Britannia  Airways 

saved  over  one  million  dollars 
and  improved  staff  management 
processes  with  Sybase,  the 
world's  number  one  provider 
of  mobile  middleware? 


The  Enterprise.  Uriwired. 


j  For  our  Britannia  Airways  case  study  visit. 

www.sybase.eom/ffa 


Security  Everywhere 

For  real-time  transactions,  nothing 
is  better  or  more  secure  than  Sybase 
SQL  Anywhere?  the  world's  leading 
mobile  data  management  and 
synchronization  solution. 


Extend  Your  Reach 

Sybase  M-Business  Anywhere™  lets 
you  mobilize  the  apps  you  already 
have  so  you  can  reap  more  value  from 
your  current  technology  investments. 


The  right  management  can  put  you  in  control  of  your  infrastructure, 
not  the  other  way  around. 

Unicenter  Infrastructure  Management  Software 

So  long,  mayhem.  Managing  on-demand  computing  is  here.  Unicenter  infrastructure  management  software  lets  you  take  control 
of  your  infrastructure  so  you  can  be  more  responsive  to  business.  With  automation  and  self-healing  capabilities  Unicenter  can 
help  control  costs  and  empower  you  to  do  more  with  less.  Unicenter  also  lets  your  infrastructure  react  to  changes  in  real  time, 
so  your  IT  and  business  priorities  are  always  in  sync.  Finally,  it  is  based  upon  a  service-oriented  architecture  that  simplifies 
your  IT  environment,  so  your  infrastructure  is  easier  to  manage.  To  learn  how  to  get  more  value  out  of  your  infrastructure, 
or  to  get  a  white  paper,  go  to  ca.com/infrastructure. 
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The  CIO  as  Chief  Communicator 
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IN  THE  TECHNOLOGY  SECTION: 

Storage  Virtualization  Gets  Down  to  Business 

Users  like  Tony  Catone  (left)  of  the  Philadelphia  Stock 
Exchange  have  learned  that  the  unified  view  of  stor¬ 
age  resources  provided  by  virtualization  can  reduce 
application  downtime  and  save  money.  Page  27 
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Souped-up  Security 

Traumatized  by  a  year  filled 
with  malicious  code  out¬ 
breaks,  network  managers 
are  eager  to  bolster  security 
and  offload  some  chores  to 
managed  security  service 
providers.  This  special  re¬ 
port  will  help  you  manage 
the  contractors  and  close  the 
security  holes 
opened  up  by 
telecommuters. 
PACKAGE  BEGINS  ON  PAGE  35. 


38  Farming  Out  IT  Security.  Outsourc 
ing  IT  security  functions  can 
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40  Security  and  QoS  Unite.  Merging 
the  two  technologies  gives  users 
multiple  lines  of  defense  against 
network  attacks.  ONLINE:  A  glos¬ 
sary  of  terms  related  to  network 
security  and  quality  of  service. 
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42  Security  Begins  at 
Home.  Your  network 
is  only  as  secure  as 
your  weakest  link 
—  which  might  be 
your  growing  popu¬ 
lation  of  telecom¬ 
muters.  ONLINE:  How 
prepared  are  you  to 
secure  access  by  re¬ 
mote  workers?  Take 
our  online  quiz  to  find 
out.  0  QuickLink  43691 

43  The  Almanac:  Security  problems 
at  Windows-based  ATMs  and  a 
short  history  of  telecommunica¬ 
tions  devices  are  among  the  topics 
covered  in  this  eclectic  collection 
of  network  security  news. 

44  QuickStudy:  A  primer  on  how  to 
tell  if  you’re  a  target  of  “phishing,” 
the  latest  tactic  in  identity  theft. 
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information. 

48  Opinion:  Honeypots  are 
sticky  little  traps  that  can 
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they  can  help  you  determine 
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and  the  possible  fixes,  says 
columnist  Mark  Hall. 
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Ask  the  Experts,  a 
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fessionals  answers 
readers’  questions  on 
how  to  better  defend 
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against  attack. 
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Journal.  A  discussion 
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rogue  access  points 
and  worms,  from  our 
security  experts. 
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The  Future  of 
Security  Manage¬ 
ment.  Expect  network 
and  systems  manage¬ 


ment  vendors  to  be¬ 
come  the  future  pur¬ 
veyors  of  security  ser¬ 
vices.  Why?  Because 
they  have  key  advan¬ 
tages  over  security 
pure  plays,  says  Ron 
Moritz,  chief  security 
strategist  at  Computer 
Associates. 
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NASA  Makes  CIO 
More  Independent 

NASA  announced  that  it’s  creat¬ 
ing  an  independent  office  of  the 
CIO  as  part  of  an  internal  reorga¬ 
nization  aimed  at  streamlining  its 
administration.  The  space  agency 
said  the  change  gives  Patricia 
Dunnington,  who  was  named  CIO 
last  March,  more  responsibility 
for  managing  its  IT  investments. 
Previously,  the  CIO’s  responsibili¬ 
ties  were  limited  to  setting  tech¬ 
nology  policies,  NASA  said. 


Novell  Indemnifies 
SUSE  Linux  Users 

Novell  Inc.  completed  its  buyout 
of  SUSE  Linux  AG  and  said  it  will 
indemnify  SUSE’s  users  against 
any  damages  resulting  from  The 
SCO  Group  Inc.’s  anti-Linux  cam¬ 
paign.  To  qualify,  users  must  buy 
SUSE  Linux  Enterprise  8  along 
with  a  support  contract  and  an 
“upgrade  protection”  mainte¬ 
nance  plan,  Novell  said.  Mean¬ 
while,  Open  Source  Development 
Labs  Inc.  in  Beaverton,  Ore.,  said 
it’s  setting  up  a  $10  million  de¬ 
fense  fund  for  Linux  users. 


Sun  Reports  Loss, 
Small  Drop  in  Sales 

Sun  Microsystems  Inc.  reported  a 
net  loss  of  $125  million  for  its 
second  quarter,  which  ended  Dec. 
28.  Revenue  was  $2.89  billion, 
down  1%  year  over  year.  Sun  dis¬ 
closed  plans  to  cut  300  jobs  by 
moving  some  manufacturing  op¬ 
erations  to  a  plant  in  Oregon.  But 
CEO  Scott  McNealy  said  the  com¬ 
pany  is  “not  changing  our  strate¬ 
gy  in  the  go-to-market  sense.” 


Short  Takes 

NOKIA  CORP.  said  it  will  out¬ 
source  its  desktop  systems  and 
help  desk  operations  to  IBM  in  a 
five-year  deal  valued  at  about 
$250  million. ...  The  U.S.  Envi¬ 
ronmental  Protection  Agency 
awarded  a  nine-year,  $700  mil¬ 
lion  systems  development  con¬ 
tract  to  LOCKHEED  MARTIN  CORP. 


PeopleSoft,  User  Group 
Continue  Verbal  Jousting 

Quest  details  PeopleSoft’s  demands; 
vendor  questions  commitment  claims 


BY  MARC  L.  SONGINI 

he  dispute  between 
PeopleSoft  Inc.  and 
the  Quest  user  group 
continued  last  week, 
as  officials  from  the  two  sides 
fired  more  verbal  shots  at 
each  other  in  the  wake  of  the 
software  vendor’s  decision  to 
withdraw  its  support  for  sev¬ 
eral  Quest  conferences. 

Quest,  an  independent 
group  for  users  of  J.D.  Edwards 
&  Co.’s  applications,  detailed  a 
list  of  conditions  that  People- 
Soft  had  sought  in  return  for 
its  participation  in  a  confer¬ 
ence  held  last  week  in  Chicago 
and  others  scheduled  for  this 
month  and  February.  People- 
Soft  acquired  J.D.  Edwards  last 
summer. 

The  conditions  included  a 
demand  that  PeopleSoft  be  al¬ 
lowed  to  review  messages 
from  the  user  group  to  its 
members  before  they  were 


distributed.  Quest  said  People- 
Soft  also  wanted  it  to  retract  a 
claim  that  the  company  would 
support  its  worldwide  user 
conference,  absolve  People- 
Soft  of  any  legal  or  financial 
obligations  related  to  existing 
commitments,  and  return  cus¬ 
tomer  marketing  data  that  J.D. 
Edwards  had  shared  with  the 
user  group.  Quest’s  board  of 
directors  rejected 
all  but  the  last  of 
the  conditions. 

“As  an  indepen¬ 
dent  user  group, 
we  believe  it  is  nec¬ 
essary  to  maintain 
the  right  to  com¬ 
municate  with  members  fre¬ 
quently  and  in  an  open,  un¬ 
edited  manner,”  said  Quest 
President  Barbara  Schmit  in 
comments  that  were  made  at 
the  Chicago  conference  and 
posted  on  the  Lexington,  Ky.- 
based  user  group’s  Web  site. 


Quest’s  board  felt  that  com¬ 
mitments  made  by  J.D.  Ed¬ 
wards  “should  be  followed 
through  on”  by  PeopleSoft, 
added  Schmit,  who  is  CIO  at 
Computer  Network  Technolo¬ 
gy  Corp.  in  Minneapolis. 

PeopleSoft  spokesman  Steve 
Swasey  acknowledged  that  the 
company  initially  committed 
to  support  the  Chicago  show 
and  three  other  Quest  events. 
But,  he  added,  Quest  falsely 
claimed  that  PeopleSoft  would 
support  its  global  and  regional 
conferences 
through  2006. 

“We  just  did  not 
want  Quest  to  con¬ 
vey  that  PeopleSoft 
is  obligated  when 
it’s  not,”  Swasey 
said.  “We  want  the 
message  to  be  honest.”  As  for 
the  customer  data,  PeopleSoft 
wanted  its  use  discontinued 
because  the  information  is 
outdated,  according  to  Swasey. 
“We  told  Quest  on  Dec.  15 
[that]  they  had  seven  days  to 
comply,  and  they  didn’t.  At 


MORE  NEWS 

PeopleSoft  extends  a  refund 
offer  to  users  to  help  fend  off 
Oracle’s  hostile  takeover  bid: 

O  QuickLink  44054 
www.computerworld.com 


Dell  Adds  Gigabit  Ethernet 
Devices  to  Switch  Line 


24-port  switches 
can  support  up  to 
3,500  end  users 

BY  MATT  HAMBLEN 

Dell  Inc.  today  will  announce 
two  Gigabit  Ethernet  switches 
that  are  the  highest-perform¬ 
ing  devices  it  has  rolled  out 
since  entering  the  networking 
market  in  September  2001. 

The  24-port  PowerConnect 
6024  and  6024F  are  designed 
to  support  network  connec¬ 
tions  for  up  to  3,500  end  users 
at  small  or  midsize  businesses, 
said  Ulrich  Hansen,  a  senior 
product  manager  at  Dell.  The 
switches  can  also  be  used  to 
aggregate  multiple  switches  or 
connect  servers  in  large  data 


centers,  he  added. 

In  addition  to  being  Dell’s 
largest  switches,  the  new 
products  are  its  first  Layer  3 
devices.  Hansen  said  the 
switches  will  ship  early  next 
month  at  a  list  price  of  $3,499, 
which  includes  a  three-year 
service  contract,  redundant 
power  supplies  and  built-in 
management  software. 

Josh  Vinyard,  IT  manager  at 
Diab  Inc.,  a  maker  of  compos¬ 
ite  materials  in  DeSoto,  Texas, 
has  been  testing  the  Power- 
Connect  6024  and  plans  to  buy 
the  switch  to  keep  up  with  the 
escalating  demands  on  his 
network.  “Everything  in  man¬ 
ufacturing  is  coming  online 
with  networkable  equipment,” 
he  said.  “We’re  moving  into  a 


PRODUCT  DETAILS 


PowerConnect 
6024  and  6024F 


PORT  i:  24  total  - 16  for  cop¬ 
per  cables  nd  8  that  support 
copper  or  fiber  on  the  6024; 
16  for  fiber  and  8  with  mixed 
capabilities  on  the  6024F 


MAXIMUM  SWITCHING 


OTHER  KEY  FEATURES: 

Dual  hot-swappable  power 
supplies  and  cooling  fans 


world  where  you  have  to  think 
ahead,  buy  smart  and  pray 
your  investment  isn’t  obsolete 
in  two  years.” 

Vinyard  said  the  price  of  the 
switch  is  low  enough  that  he 
had  to  call  Dell  officials  to 
make  sure  it  was  right.  He  pre¬ 
dicted  that  his  costs  might  be 
thousands  of  dollars  more  to 


that  point,  we  said,  ‘You  don’t 
have  a  relationship  with  us.’  ” 

The  rift  between  PeopleSoft 
and  Quest  became  public  two 
weeks  ago  [QuickLink  43921]. 

John  Matelski,  the  city  of 
Orlando’s  deputy  CIO  and  a 
Quest  board  member,  last 
week  said  that  the  user  group 
“will  continue  to  proactively 
try  to  re-establish  a  relation¬ 
ship  with  PeopleSoft.  But  until 
they’re  receptive  to  our  over¬ 
tures,  there’s  not  much  that 
can  be  done.” 

The  loss  of  PeopleSoft’s 
support  may  have  been  un¬ 
avoidable,  said  Mitch  Myers, 
vice  president  of  operations  at 
F.W.  Murphy  Instrumentation 
&  Control  Solutions  in  Tulsa, 
Okla.  “My  guess  is  that  People- 
Soft  has  their  own  user  group 
model,”  he  said.  “They  can’t 
afford  to  add  another.” 

Dave  Hyzy,  director  of  IT  at 
Benderson  Development  Co. 
in  Buffalo,  N.Y.,  resigned  from 
Quest’s  board  last  month  over 
its  dealings  with  PeopleSoft, 
after  just  11  days  as  a  member. 
Hyzy  last  week  said  the  user 
group’s  directors  seem  more 
interested  in  preserving  their 
positions  “than  in  working 
with  PeopleSoft  to  resolve  this 
rift  in  the  best  interests  of  the 
members.”  O  44113 


get  similar  hardware  from  oth¬ 
er  vendors  once  support  costs 
and  management  software  are 
included. 

“If  it  weren’t  for  Dell,  there 
would  be  no  way  I  could  even 
think  about  growing  our  net¬ 
work  to  meet  the  needs  of  our 
user  base,”  Vinyard  said. 

Dell  is  six  to  nine  months 
behind  the  switching  products 
road  map  it  announced  when 
it  entered  the  market,  said 
Mark  Fabbi,  an  analyst  at  Gart¬ 
ner  Inc.  “Dell  found  network¬ 
ing  is  harder  than  they 
thought,”  Fabbi  said.  “They  ex¬ 
pected  to  sell  more  than  they 
did  and  expected  to  move 
from  Layer  2  to  3  more  rapidly 
than  they  could.” 

But  he  added  that,  to  Dell’s 
credit,  it  also  has  taken  more 
time  on  development  than 
originally  intended  to  bulk  up 
its  technical  and  support  ex¬ 
pertise.  ©  44083 
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District  of  Columbia  Melds 
Budgeting  for  68  Agencies 


Software  deal  with 
Hyperion  part  of 
$71.5M  IT  revamp 

BY  DAN  VERTON 

WASHINGTON 

The  District  of  Columbia 
tomorrow  will  announce  a 
plan  to  deploy  an  integrated 
suite  of  applications  that  for 
the  first  time  will  enable  all 
68  of  its  government  agencies 
to  conduct  performance- 
based  budgeting  and  to  prove 
that  forecast  savings  from  IT 
upgrades  have  actually  been 
realized. 

The  $6  million  deal  with 
Sunnyvale,  Cahf. -based  Hype¬ 
rion  Solutions  Corp.,  which  in¬ 
cludes  three  software  mod¬ 
ules,  hardware  and  mainte¬ 
nance  costs,  is  the  city’s  latest 
move  in  a  five-year,  $71.5  mil¬ 
lion  modernization  program 
that  promises  to  save  the  gov¬ 
ernment  more  than  $60  mil¬ 


lion  annually.  The  district 
plans  to  complete  the  rollout 
of  three  Hyperion  financial 
modules  by  September,  in 
time  for  the  start  of  its  fiscal 
year. 

The  three  modules  cover 
budgeting,  perfor¬ 
mance  scorecard- 
ing  and  analysis, 
said  Sandy  Lazar, 
director  of  key  sys¬ 
tems  for  the  dis¬ 
trict’s  chief  tech¬ 
nology  officer. 

“Today,  it’s  a 
pretty  onerous 
process  involving 
spreadsheets  and 
floppy  disks,”  said 
Lazar.  “With  the 
budget  module,  all 
of  the  agencies  will 
formulate  their 
budgets  online,  au¬ 
tomatically  check 
account  balances 
and  conduct  what- 


if  analysis,  and  then  submit 
their  budgets  to  a  central 
repository,”  he  said.  “For  the 
first  time,  we’ll  be  able  to  take 
a  really  strong  look  at  perfor¬ 
mance  across  the  city.” 

But  getting  to  this  point  has 
been  a  long  slog 
dating  to  2001. 
That’s  when  the 
groundwork  — 
the  plan  and  the 
estimates  for  the 
return  on  invest¬ 
ment  —  was  laid 
for  what  the  city 
calls  its  Adminis¬ 
trative  Services 
Modernization 
Program  (ASMP). 
The  program  is  a 
massive  ERP  ef¬ 
fort  that  by  2006 
will  have  com¬ 
pletely  reinvented 
nearly  every  busi¬ 
ness  process  man¬ 
aged  by  every  city 


agency  —  including  procure¬ 
ment,  human  resources,  pay¬ 
roll,  time  and  labor,  budget 
and  planning,  pension  and 
benefits  administration,  and 
property  management. 

Worst  to  First 

But  it’s  only  now  that  the  dis¬ 
trict  has  been  able  to  take  a  se¬ 
rious  look  at  deploying  the 
next  generation  of  business 
applications,  said  Suzanne 
Peck,  the  city’s  CTO. 

“Five  years  ago,  we  were 
probably  among  the  five  worst 
municipal  organizations  in  the 
nation  in  terms  of  IT  infra¬ 
structure,”  she  said.  And  that’s 
not  an  exaggeration,  consider¬ 
ing  that  at  that  time  the  dis¬ 
trict’s  IT  infrastructure 
amounted  to  8,000  rotary  tele¬ 
phones,  no  WAN  to  speak  of,  a 
Web  site  with  a  paltry  500 
pages  and  an  e-mail  system 
that  could  handle  no  more 
than  200  messages  per  day. 

The  ASMP  effort,  said  Peck, 
“started  the  inexorable  jour¬ 
ney  from  worst  to  first.”  To¬ 
day,  the  district  has  400  WAN 
locations,  30,000  Integrated 
Services  Digital  Network 
lines,  a  Web  portal  that  boasts 


i 


Companies  providing  products 
and  services  for  D.C.’s  $71.5 
million  iT  overhaul  include 
the  following: 

INTEGRATORS 

Accenture  Ltd.  HR 

BearingPoint  Inc.  Budgeting 
and  genera!  ledger 

Unisys  Corp.  Procurement 

SOFTWARE  VENDORS 
Archibus  Inc. 

Property  management 

Ariba  Inc.  Procurement 

Hyperion  Budget  and  planning 

PeopleSoft  Inc.  HR.  payroll, 
benefits  and  pension,  time 
and  labor 

SeeBeyond  Technology  Corp. 

Enterprise  application 
integration 

PLATFORM  VENDORS 
IBM,  Sun  Microsystems  Inc. 

AIX  and  Solaris  for  database 
and  application  servers 

Microsoft  Corp. 

Windows  for  Web  servers 

200,000  pages  and  the  founda¬ 
tion  for  an  integrated  ERP  in¬ 
frastructure  that  can  handle 
real-time  transactions. 

Lessons  Learned 

But  success  has  come  with  its 
share  of  lessons  learned. 
“Don’t  start  something  of  this 
magnitude  without  spectacu¬ 
lar  leadership,”  said  Peck.  In 
addition,  “begin  with  benefits 
realization  before  you  do  any 
implementation  of  any  kind,” 
she  said.  “If  you  want  money 
for  an  initiative,  you  have  to 
show  what  you’re  going  to  get 
back  from  it.”  And  with  3,500 
metrics  monitoring  agency 
performance  being  integrated 
into  the  Hyperion  scorecard 
module,  city  managers  have  a 
granular  view  of  exactly  how 
agencies  are  performing  and 
what  savings  are  being  gained, 
she  said. 

“Middleware  was  also  a 
great  technology  advance  for 
us,”  added  Peck.  “This  allowed 
us  to  take  the  very  best  soft¬ 
ware  and  make  the  very  best 
competitive  deals  while  hav¬ 
ing  the  advantages  of  tightly 
integrated  software.”  ©  44120 


Shareholder  Suit  Against  EDS  Can  Proceed,  Court  Rules 


Former  execs  allegedly  inflated  earnings 


BY  DAN  VERTON 

A  U.S.  District  Court  in  Texas 
last  week  denied  a  motion 
filed  by  Electronic  Data  Sys¬ 
tems  Corp.  to  dismiss  a  class- 
action  shareholder  lawsuit  al¬ 
leging  that  two  former  top  ex¬ 
ecutives  knowingly  misrepre¬ 
sented  company  earnings  and 
the  health  of  the  multibillion- 
dollar  Navy/Marine  Corps  In¬ 
tranet  contract. 

In  a  27-page  ruling,  District 
Judge  Leonard  Davis  conclud¬ 
ed  that  lawyers  for  the  EDS 
shareholders  presented 
“strong”  evidence  that  former 
EDS  Chairman  and  CEO 
Richard  Brown  and  former 
Chief  Financial  Officer  Jim 
Daley  misrepresented  earn¬ 
ings  and  facts  related  to  the 
troubled  N/MCI  contract. 

That,  along  with  other  fac¬ 
tors,  allowed  the  company’s 


stock  to  be  traded  at  falsely  in¬ 
flated  prices,  according  to  the 
plaintiffs. 

“Having  established  that  de¬ 
fendants  knew  of  problems 
that  existed  on  the  N/MCI 
contract,  the  court  concludes 
that  plaintiffs  have  pled  suffi¬ 
cient  facts  to  show  that  defen¬ 
dants  made  misrepresenta¬ 
tions  or  omissions  to  in¬ 
vestors,”  wrote  Davis.  “The 
court  also  finds  a  strong  infer¬ 
ence  that  defendants 
were  extremely  reck¬ 
less  in  continuing  to 
recognize  any  rev¬ 
enue  on  the  project 
when  they  were  al¬ 
legedly  pursuing  a 
tactic  of  intentionally 
providing  goods  that 
did  not  meet  contract 
specifications.” 

The  ruling  isn’t  a  finding  of 


guilt,  but  rather  a  conclusion 
that  the  plaintiffs  have  a  legiti¬ 
mate  case  to  pursue. 

Kevin  Lightfoot,  a  spokes¬ 
man  for  Plano,  Texas-based 
EDS,  said  the  company  is 
“clearly  disappointed  with  this, 
but  not  completely  surprised 
by  the  judge’s  ruling.”  He  said 
EDS  “continues  to  believe  that 
the  allegations  against  it  are 
without  merit,”  adding  that 
the  company  still  plans  to 
defend  itself  vigor- 
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The  court  ruled  that  EDS  was 
“extremely  reckless.” 


ously  [QuickLink  42348]. 

The  shareholder  complaint 
stems  from  a  Sept.  18,  2002, 
EDS  announcement  that  it  ex¬ 
pected  its  third-quarter  2002 
earnings  to  fall  short  of  the 
company’s  prior  guidance  by 
approximately  80%.  A  week 
later,  securities  analysts  dis¬ 
covered  that  EDS  hadn’t  dis¬ 
closed  certain  financial  obliga¬ 
tions  related  to  the  sale  of 
“put”  contracts  on  its  own 
stock,  which  would  require 
the  company  to  pay  $225 
\  million.  As  a  result,  the 
\  price  of  EDS’s  stock 
tumbled,  and  share¬ 
holders  lost  about  $11.8. 

'  billion  in  value. 

Last  May,  EDS  reported  a 
quarterly  net  loss  of  $126  mil¬ 
lion,  blaming  it  on  “problem 
contracts”  and  a  whopping 
$334  million  pretax  loss  stem¬ 
ming  from  difficulties  with  the 
N/MCI  program  [QuickLink 
38372].  ©  44087 


H  [With  the 
previous 
processes] you 
wonder  how  any¬ 
thing  got  done. 

SANDY  LAZAR, 
director  of  key  systems. 
District  of  Columbia 


GOMPUTERWGRLO  January  19, 2004 


NEWS 


www.computerworld.com 


Microsoft  Extends 
Win  98  Support . . . 

Microsoft  Corp.  dropped  a  plan  to 
end  support  for  its  Windows  98 
operating  systems  as  of  last  Fri¬ 
day  and  said  it  will  continue  to 
provide  telephone  help  and  secu¬ 
rity  updates  until  June  30,  2006. 
The  company  said  it  made  the 
extension  in  response  to  requests 
from  users  and  to  bring  Windows 
98  Second  Edition  in  line  with 
the  seven-year  support  life-cycle 
policy  it  announced  last  October. 


. . .  And  Updates 
Integration  Tools 

In  other  product  news,  Microsoft 
released  an  upgrade  of  Windows 
Services  for  Unix,  a  set  of  tools 
for  integrating  Unix  and  Win¬ 
dows  systems.  The  company 
said  Version  3.5  supports  faster 
Network  File  System  perfor¬ 
mance  and  can  be  downloaded 
at  no  cost.  The  software,  which 
also  can  be  used  to  move  Unix 
applications  to  Windows  ma¬ 
chines,  previously  cost  $99. 


Oracle  Splits  CEO, 
Chairman  Positions 

Oracle  Corp.  said  CEO  Larry  Elli¬ 
son  is  handing  over  his  position 
as  chairman  to  Jeff  Henley,  who 
will  give  up  his  job  as  chief  finan¬ 
cial  officer  once  a  replacement 
is  named.  The  change  doesn’t 
affect  Ellison’s  management 
duties,  Oracle  said.  It  also  gave 
president  titles  to  Safra  Catz, 
who  runs  global  operations, 
and  Charles  Phillips,  who  heads 
sales,  marketing  and  consulting. 


HP  Boosts  Effort 
To  Enforce  Patents 

Hewlett-Packard  Co.  said  it 
plans  to  increase  enforcement  of 
its  intellectual  property  rights, 
although  the  company  doesn’t 
plan  to  target  technology  users. 
HP  has  set  up  several  licensing 
programs  aimed  at  other  vendors 
that  allegedly  make  use  of  its 
patented  technology  in  products. 


MARK  HALL  ■  ON  THE  MARK 

Pricey  Fibre  Channel 
SANs  Make  No  Sense . . . 


. . .  for  medium-size  or,  certainly,  small  companies.  But  it’s  not  just 
because  they  need  a  “let’s  go  to  Mars”  budget.  They’re  complex  to  deploy 
and  maintain,  requiring  time  and  skills  seldom  available  in  anything 
but  big  IT  operations.  “The  SAN  industry  has  been  very  successful 
telling  us  a  compelling  story,”  observes  Zophar  Sante,  vice  president 
of  market  development  at  IP  SAN  provider  SANRAD  Inc.  in  Alameda, 
Calif.  “But  the  industry  hasn’t  said  it’s  easy  and  cheap.”  That’s  forced 


most  companies  to  stick  with  the  ineffi¬ 
ciencies  of  direct-attached  storage  or  in¬ 
stall  pokey  network-attached  storage  sys¬ 
tems.  These  systems  lag  IP  SANs  in  per¬ 
formance  by  40%,  claims  Mark  Woithe, 
director  of  storage  marketing  at  Xiran,  a 
division  of  SimpleTech  Inc.  in  Santa  Ana, 
Calif.  Neither  vendor  pretends  that  IP 
SANs  compete  with  Fibre  Channel  for 
speed.  “A  Fibre  Channel  SAN  is  reliable 
and  has  great  performance,”  Sante  ad¬ 
mits.  “But  it’s  not  about  replacing  IP 
SANs.  It’s  about  delivering  SANs  to  the 
masses.”  Both  vendors  will  cater  to  the  IT 
proletariat  with  new  products.  SANRAD 
this  week  begins  shipping  its  V-Switch 
2000,  which  can  link  up  to 
256  servers,  sharing  as  many 
as  68,000  storage  volumes. 

It’s  available  now  and  goes 
for  $12,500.  And  late  next 
month,  Xiran  will  ship  its 
DPA 1400  card,  which  fits 
into  a  server’s  PCI  slot.  The 
card  virtualizes  the  direct- 
attached  storage  so  it  can  be 
shared  in  an  IP  SAN.  The 
$750  card  is  packed  with 
250MB  of  memory  and  can 
be  used  as  either  a  target  or 


initiator  in  the  IP  SAN.  ■  The  IT  masses 
are  certainly  growing  in  numbers,  espe¬ 
cially  overseas.  And  they’re  apparently  a 
tad  rough  on  the  storage  systems.  That’s 
what’s  behind  the  expansion  of  Armonk, 
N.Y.-based  CBL  Data  Recovering  Tech¬ 
nologies  Inc.  into  Brazil  by  the  end  of 
next  quarter  and  into  Russia  by  year’s 
end.  That  will  make  nine  countries  plus 
the  U.S.  home  to  CBL’s  labs,  where  users 
can  send  their  nonworking,  unaccessible 
disk  drives,  optical  devices,  CD-ROMs 
and  even  floppies.  “We  don’t  do  main¬ 
frames.  But  other  than  that,  we  can  re¬ 
trieve  the  data,”  says  CEO  Bill  Margeson. 
CBL  technicians  detect  the  signal  on  a 
disk  that  determines  a  bit’s 
0  or  1  status,  translate  every¬ 
thing  into  hexidecimal  code, 
re-create  the  file  structure 
and  data,  and  copy  it  all  to  a 
new,  safe  medium  and  re¬ 
turn  it  to  you.  In  more  than 
a  decade  of  doing  this  work, 
Margeson  has  noticed  some 
trends.  Every  year,  as  a  new 
generation  of  drives  hits  the 
streets,  “an  Edsel  or  two  will 
come  out.”  And  this  year? 
GMR  drives,  according  to 


Snappy  Security 


SnapGear  Inc.  inWest 
Jordan,  Utah,  this 
week  ships  its  $399 
Linux-powered  PCI635 
card,  which  is  installed 
in  a  server  or  a  PC 
and  offloads  intrusion- 
detection,  firewall  and 
VPN  functions  from  the 
host  CPU. 


Margeson.  Seems  the  “smart”  technology 
inside  the  Giant  Magneto-Resistance 
head  devices  occasionally  gets  corrupted, 
making  the  data  stored  on  them  impossi¬ 
ble  to  read.  Another  pattern  he’s  noticed: 
65%  of  the  failures  are  hardware-related,  and 
35%  are  people-related.  How  so?  “People 
don’t  know  what  to  do  when  access  to 
data  is  taken  from  them,”  Margeson  says. 
“They  can’t  surrender.”  What  IT  admins 
often  do  is  to  continue  to  work  on  the 
problem  even  after  the  disk  drive  starts 
clicking.  “If  you  hear  a  ‘click-click’  sound, 
you  might  as  well  give  up,”  he  advises.  If 
you  send  it  to  a  CBL  lab,  techs  will  diag¬ 
nose  it  for  free,  but  the  data  on  15%  of  the 
media  inspected  can’t  be  saved.  If  CBL 
can  retrieve  the  data,  it’ll  cost  you  $100 
per  hour.  To  fix  a  RAID  system  might  set 
you  back  about  $2,000,  which  will  seem 
cheap  when  the  data  shows  up  on  users’ 
monitors  once  again.  ■  FileNet  Corp.  in 
Costa  Mesa,  Calif.,  and  McLaren  Soft¬ 
ware  Ltd.  in  Glasgow,  Scotland,  tomor¬ 
row  will  announce  plans  to  tightly  inte¬ 
grate  FileNet’s  P8  content  management 
engine  into  McLaren’s  Enterprise  Engi¬ 
neer  for  the  process  industry.  FileNet 
said  it  will  announce  other  software-inte¬ 
gration  deals  for  manufacturing  and  sup¬ 
ply  chain  users  in  the  coming  months. 
The  upgraded  version  of  Enterprise  En¬ 
gineer  will  ship  in  Q4.  ■  If  you’re  in¬ 
volved  in  linking  your  procurement  spe¬ 
cialists  with  small  manufacturers  overseas 
that  lack  IT  resources,  consider  Stepping- 
Stones  Version  1.3  from  Tradestone  Soft¬ 
ware  Inc.  in  Gloucester,  Mass.  The  up¬ 
grade,  available  Jan.  31,  adds  a  logistics 
management  feature  as  an  online  service 
to  its  current  multilanguage  software  that 
handles  sourcing  issues  from  the  request- 
for-quotes  stage  through  customs  and  ar¬ 
rival  in  your  warehouse.  Its  key  feature, 
boasts  CEO  Sue  Welch,  is  ease  of  use.  It 
requires  almost  no  training,  so  anyone 
can  use  it.  Even  the  masses.  O  44088 


Security  Flaws  Put  VoIP  Systems  at  Risk 


BY  JAIKUMAR  VIJAYAN 

The  disclosure  last  week  of 
critical  vulnerabilities  in 
voice-over-IP  products  from 
several  major  vendors  shows 
why  companies  need  to  pay 
close  attention  to  security 
when  deploying  IP  telephony 
technologies,  analysts  said. 

The  flaws  were  discovered 
by  Britain’s  National  Infra¬ 
structure  Security  Co-ordina¬ 
tion  Centre  using  a  test  suite 
designed  by  a  group  of  re¬ 
searchers  at  the  University  of 


Oulu  in  Finland.  The  flaws  ex¬ 
ist  in  VoIP  products  that  sup¬ 
port  the  H.323  protocol,  which 
is  used  to  exchange  audio  and 
video  communications. 

Products  sold  by  Microsoft 
Corp.,  Cisco  Systems  Inc.  and 
Nortel  Networks  Ltd.  are 
among  the  affected  software, 
and  the  risks  to  users  include 
denial-of-service  attacks  and 
malicious  hackers  taking  con¬ 
trol  of  systems,  according  to 
an  advisory  issued  by  Internet 
Security  Systems  Inc.  (ISS). 


Neel  Mehta,  a  security  re¬ 
searcher  at  Atlanta-based  ISS, 
said  the  vulnerabilities  are  the 
result  of  coding  errors  in  indi¬ 
vidual  H.323  implementations. 
The  flaws  in  Cisco’s  Internet¬ 
working  Operating  System 
(IOS)  software  present  the 
biggest  concern  because  of  its 
widespread  use  in  Internet 
routers,  Mehta  said. 

In  its  own  advisory,  Cisco 
said  all  products  that  run  IOS 
and  support  H.323  packet 
processing  are  affected  by  the 


flaws.  Several  other  IP  tele¬ 
phony  products  are  at  risk, 
even  though  they  don’t  run 
IOS,  the  company  added.  Cis¬ 
co  released  patches  for  all  of 
the  affected  devices. 

Microsoft  warned  users  that 
the  H.323  filter  in  its  Internet 
Security  and  Acceleration 
Server  2000  software  is  vul¬ 
nerable  and  gave  the  flaw  a 
“critical”  severity  rating. 
Attackers  could  use  the  secu¬ 
rity  hole  to  take  complete  con¬ 
trol  of  compromised  systems, 
said  Microsoft,  which  also 
released  software  patches. 

©  44126 


By  cutting  up  to  80%  off  your  development  time, 
Visual  Studio®  .NET  2003  gives  you  more  time  to  do 
what  you  do  best.  Think. 


Got  a  big  idea?  Visual  Studio  .NF.T  2003  delivers  a  higher 
level  of  productivity,  so  you  can  turn  that  big  idea  into 
reality  faster  than  you  ever  thought  possible.  Want  proof? 
Merck  &  Co.  Inc.  was  able  to  create  a  solution  that 
accelerated  and  improved  the  accuracy  of  their  monitoring 
process  in  a  time  frame  barely  imaginable  before  they 
began  using  Visual  Studio  .NET  2003.  To  read  the  full  story 
on  how  Merck  and  other  companies  are  using  Visual  Studio 
.NET  2003  to  quickly  turn  their  big  ideas  into  reality,  visit 

msdn.microsoft.com/visual/think 
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German  Retailer’s  RFID 
Effort  Rivals  Wal-Mart’s 


Metro  Group  asks  suppliers  to  tag  pallets 
and  cases  by  Nov.,  tests  item-level  tagging 


BY  CAROL  SLIWA 

NEW  YORK 

WAL-MART  STORES 
Inc.  isn’t  the 
only  major  re¬ 
tailer  to  issue  an 
RFID  edict  to  its  top  suppliers. 

Metro  Group,  a  German  re¬ 
tailer  with  more  than  2,300 
stores  in  28  countries,  an¬ 
nounced  here  last  week  that  it 
has  asked  its  leading 
suppliers  by  Novem¬ 
ber  to  start  affixing 
radio  frequency  iden¬ 
tification  (RFID)  tags 
to  the  pallets  and  cas¬ 
es  they  ship  to  10  cen¬ 
tral  warehouses  and 
roughly  250  super¬ 
markets  and  depart¬ 
ment  stores. 

Wal-Mart’s  top  100 
suppliers  face  a  Janu¬ 
ary  2005  deadline  for 
compliance  with  its  directive 
for  RFID-tagged  pallets  and 
cases.  The  Bentonville,  Ark- 
based  retailer’s  rollout  will 
start  at  three  Texas  distribu¬ 
tion  centers  that  service  about 
150  stores  [QuickLink  42676]. 

But  while  all  eyes  in  the  U.S. 
retail  industry  tend  to  focus 
on  Wal-Mart,  those  interested 
in  early  results  might  want  to 
look  at  the  pilots  Metro  has 
undertaken  in  Europe.  In 
April,  Metro  opened  a  so- 
called  future  store  in  Rhein- 
berg,  Germany,  to  pilot  a  num¬ 
ber  of  technologies,  including 


RFID,  and  its  in-store  tests 
have  gone  beyond  the  pallet 
and  case  level. 

Metro  does  item-level  tag¬ 
ging  on  razor  blades  from 
Gillette,  cream  cheese  from 
Kraft  and  Pantene  shampoo 
from  Procter  &  Gamble.  CIO 
Zygmunt  Mierdorf  said  the 
company  tags  products,  cases 
and  pallets  at  its  distribution 
center  and  runs  the 
goods  through  read¬ 
ers  at  the  center  and 
later  at  the  store, 
when  the  items  arrive 
and  when  they  move 
from  the  back  room 
to  the  shopping  floor. 

RFID  tags  have  a 
distinct  advantage 
over  bar  codes  be¬ 
cause  they  can  identi¬ 
fy  a  container’s  con¬ 
tents  without  line-of- 
sight  scanners,  and  the  waves 
they  emit  can  pass  through  ma¬ 
terials  such  as  cardboard  and 
plastic.  Each  tag  contains  an 
antenna  and  a  microchip  that 
transmits  information  about  a 
tagged  item  to  a  reader,  which 
converts  the  radio  waves  into  a 
digital  form  that  can  be  passed 
to  computer  systems. 

Getting  real-time  informa¬ 
tion  about  tagged  cases  and 
products  can  help  retailers  re¬ 
duce  the  number  of  out-of- 
stock  items  and,  overall,  re¬ 
duce  the  inventory  in  their 
supply  chains.  Metro’s  RFID 


applications  are  connected  via 
a  wireless  network  to  an  “in¬ 
formation  dashboard”  where 
employees  can  track  the 
tagged  pallets,  items  and  cas¬ 
es,  Mierdorf  said. 

A  second  Metro  pilot  ex¬ 
tends  all  the  way  back  to  the 
manufacturer,  so  the  retailer 
can  trace  goods  from  the  place 
they’re  made  to  the  point  of 
sale.  That  pilot  is  being  done 
with  a  popular  German  fashion 
brand,  Gerry  Weber.  Reusable 
tags  are  affixed  to  garments 
and  read  at  Metro’s  central 
warehouse  and  two  of  its  Gale- 
ria  Kaufhof  department  stores, 
where  the  clothes  are  further 
tracked  on  shelves  and  at 
checkout  stations. 

A  third  pilot  is  due  to  start 
soon  with  Procter  &  Gamble 
Co.’s  European  division  and 
Metro’s  wholesale  Cash  & 
Carry  stores  for  business  cus¬ 
tomers,  according  to  Mierdorf. 
The  pilot  will  start  with  pal¬ 
lets  and  cases  and  eventually 
move  to  the  item  level.  As  op¬ 
posed  to  the  first  two  pilots, 
which  were  done  for  research 
purposes  for  supply  chain  and 
inventory  control  plus  theft 
protection,  the  third  pilot  is 
being  used  to  determine  the 
business  case,  Mierdorf  said. 

Mierdorf  declined  to  dis¬ 
close  costs,  saying  only  that  he 
wants  to  gain  a  clear  under¬ 
standing  of  the  benefits  and 
implications  on  the  supply 
chain.  “I  don’t  want  to  run  into 
big  surprises  when  we  hook  a 
hundred  suppliers  into  the 
network,”  he  said. 
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MIERDORF 

says  he  needs  a 
clear  picture  of 
RFID’s  effect  on 
the  supply  chain. 


Metro  Group’s  RFID  Timeline 


Opens  “future  store"  in  Rheinberg,  Germany; 
pallets  and  cases  are  shipped  with  RFID  tags,  and 
tags  are  affixed  to  Gillette  razor  blades,  Kraft 
cream  cheese  and  Procter  &  Gamble  shampoo. 


Will  commence  end-to-end 
pilot  with  Procter  &  Gamble,  from 
manufacturing  site  to  distribution 
center  to  Cash  &  Carry  stores. 


Over  300  suppliers  expected 
to  ship  pallets  and  cases  with 
RFID  tags;  all  German  ware¬ 
houses  to  be  RFID-ready. 
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•  *  Starts  end-to-end  pilot  with  tags  on  garments,  from  manu-  *100  suppliers  expected  to  affix  RFID  tags  to  pallets  and 

facturing  site  to  central  warehouse  to  two  department  stores.  packages  to  10  central  warehouses  and  250  stores. 


Wai-Mart  Takes  Tough- Love’ 
Approach  With  RFID  Directive 


NEW  YORK 

Wal-Mart  Stores  is  taking  a 
“tough-love”  approach  on  RFID  : 
with  the  top  100  suppliers  that 
are  being  asked  by  January 
2005  to  ship  pallets  and  cases  * 
to  its  distribution  centers  using  : 
the  technology.  i 

H.  Lee  Scott,  president  and 
CEO  of  the  retailer,  said  last  J 

week  during  a  keynote  address  : 
at  the  National  Retail  Federa¬ 
tion  annual  conference  here 
that  there’s  pressure  to  move  J 

the  suppliers  to  RFID  “but  also 
an  understanding  that  we’re  ; 

not  trying  to  hurt  them  either.”  * 
“If  they  just  can't  do  it,  i 
mean,  it’s  not  like  we’re  going 
to  quit  doing  business  with 
them,”  Scott  said.  • 

Only  Wal-Mart's  top  100 
suppliers  face  the  January 
2005  deadline  that  the  retailer  * 
set  for  compliance,  but  the  rest  : 
have  been  asked  to  follow  suit  * 
by  the  start  of  2006.  Wal-Mart 
late  last  year  informed  its  top  ; 
suppliers  during  a  meeting  in  ; 

Arkansas  that  the  RFID  rollout  • 
will  start  at  its  three  Texas  dis-  : 
tributiori  centers,  servicing 
about  150  stores,  and  continue  * 
incrementally  across  the  coun¬ 
try.  Plans  call  for  the  time  frame  : 

Using  RFID  technology  isn’t 
without  problems.  Mierdorf 
said  that  standards  and  band¬ 
width  issues  have  yet  to  be  re¬ 
solved,  and  the  cost  of  the  tags 
must  come  down  from  their 
current  25  to  50  cents  apiece. 

Information  transmission 
problems  still  occur  involving 
glass,  metal  and  liquids,  and 
accuracy  rates  aren’t  always 
100%  for  other  materials. 
Mierdorf  said  his  company 
gets  100%  read  rates  with  gar¬ 
ments  that  lie  flat  but  only 
96%  read  rates  with  hanging 
garments.  He  said  that  will 
have  to  improve  for  the  com¬ 
pany  to  rely  on  the  technology. 

Mierdorf  said  companies 
should  run  their  own  pilots 
and  trials  to  determine  the  im¬ 
pact  on  and  potential  benefits 
for  their  own  businesses.  “We 
can’t  talk  about  the  individual 


for  the  remainder  of  the  108 
distribution  centers  and  3,000 
stores  to  be  disclosed  later,  on 
a  roiling  basis,  to  suppliers 
through  Wal-Mart’s  RetailLink 
extranet  site. 

Scott  said  he  thinks  the  time 
frame  is  realistic,  “but  if  it  isn’t, 
we’ll  back  off.”  He  said  that  he 
recently  met  with  suppliers,  and 
“they  were  very  positive  in  what 
they  were  doing.” 

“I  don’t  think  they  were  just 
doing  that  - 1  don’t  know  what 
the  technical  term  for  it  is  -  we 
call  it  ‘sucking  up,’ "  Scott 
added,  his  comments  greeted 
by  laughter  from  many  of  the 
more  than  2,000  retailers  and 
industry  observers  in  atten¬ 
dance.  “But  I  think  many  of  our 
suppliers  are  right  in  the  midst 
of  it  and  involved,”  he  said. 

Scott  told  the  attendees  that 
RFID  is  “a  very  important  inno¬ 
vation"  and  that  benefits  will 
be  seen  over  the  long  term  - 
not  in  2004.  He  said  RFID  ulti¬ 
mately  will  allow  retailers  and 
suppliers  to  drive  costs  out  of 
the  business  and  do  a  better 
job  of  keeping  items  in  stock, 
so  they’ll  be  able  to  pass  cost 
savings  on  to  consumers. 

-  Carol  Sliwa 

benefits  for  company  A,  B  and 
C.  They  have  to  find  out,”  he 
said,  adding  that  companies 
will  have  to  change  their  inter¬ 
nal  processes  to  take  full  ad¬ 
vantage  of  RFID. 

But  no  matter  how  many  pi¬ 
lots  Metro  does,  one  fact  re¬ 
mains  clear:  Item-level  tagging 
won’t  be  done  on  a  mass  scale 
anytime  soon.  Metro  CEO 
Hans  Joachim-Korber  said  he 
expects  it  will  take  at  least  a 
decade  before  RFID  is  univer¬ 
sally  accepted  and  applied. 

“We  don’t  care  about  [that]. 
We  have  to  start,”  he  added. 

“In  the  end,  it  will  replace  the 
bar  code.”  O  44114 


DATA  HOT 

The  EPCglobai  standards  body  addresses 
the  problem  of  RFID  data  management: 

QuickLink  44133 
wwwxomputerworld.com 
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IT,  Vendors  Scramble 
To  Combat  Phishing 


E-mail  scams 


proliferate,  target 
personal  data 

BY  JAIKUMAR  VIJAYAN 

HE  RAPID  GROWTH 
of  so-called  phishing 
scams  has  left  IT 
managers,  industry 
groups  and  technology  ven¬ 
dors  scrambling  to  deal  with 
the  e-mail  fraud  problem. 

A  large  part  of  the  effort  is 
focused  on  consumer  aware¬ 
ness  programs,  cross-border 
law  enforcement  activities  and 
improvements  in  information 
sharing  between  companies 
and  authorities.  But  new  tools 
and  services  that  could  help 
companies  better  detect  and 


respond  to  such  scams  are 
also  beginning  to  emerge. 

For  example,  Cyota  Inc.,  a 
New  York  company  that  offers 
secure  payment  services  to 
banks,  is  beta-testing  an  anti¬ 
phishing  service  that  uses  a 
network  of  probes  seeded 
around  the  Internet  to  detect 
scams,  said  CEO  Naftali  Ben- 
net.  The  technology  could  also 
help  users  apply  countermea¬ 
sures,  Bennet  added.  He  said 
he  expects  the  beta-testing  to 
continue  for  several  months. 

Bath,  England-based  Net- 
craft  Ltd.  on  Jan.  5  launched  a 
service  aimed  at  detecting  and 
tracking  Web  sites  involved  in 
phishing  scams.  Envisional 
Ltd.,  a  Cambridge,  England- 
based  provider  of  antipiracy 


and  online  brand  protection 
services,  added  antiphishing 
capabilities  to  its  offerings  in 
December.  Brightmail  Inc.  in 
San  Francisco  and  Cyveillance 
Inc.  in  Arlington,  Va.,  have 
also  announced  services  de¬ 
signed  to  stop  phishing  scams. 

The  goal  of  phishing  is  to 
fool  people  into  parting  with 
personal  information  such  as 
their  credit  card,  driver’s  li¬ 
cense  and  bank  account  num¬ 
bers.  The  schemes  typically 
involve  e-mails  with  messages, 
return  addresses,  links  and 
branding  that  appear  to  come 
from  reputable  companies. 

Last  week,  for  instance, 
Citibank  Inc.  and  London- 
based  Barclays  Bank  PLC 
warned  customers  to  ignore 


IT  Outsourcing  Could  Be 
An  Issue  in  Bank  Merger 


BY  THOMAS  HOFFMAN 

The  $58  billion  merger  an¬ 
nounced  last  week  by  J.P.  Mor¬ 
gan  Chase  &  Co.  and  Bank 
One  Corp.  is  ex¬ 
pected  to  gener¬ 
ate  $2.2  billion  in 
pretax  cost  sav¬ 
ings  over  a  three- 
year  period,  part¬ 
ly  through  a  con¬ 
solidation  of  the 
banks’  systems, 
data  centers  and  IT  staffs. 

But  an  expected  debate  on 
IT  outsourcing  vs.  managing 
systems  internally  is  all  but 
certain  to  play  a  pivotal  role  in 
shaping  the  combined  compa¬ 
ny’s  technology  direction,  ac¬ 
cording  to  analysts  who  follow 
the  financial  services  industry. 

New  York-based  J.P.  Morgan 
Chase,  which  is  buying  Bank 
One,  signed  in  late  2002  a  sev¬ 
en-year,  $5  billion  outsourcing 
contract  with  IBM  [QuickLink 
35388].  The  agreement  trans¬ 
ferred  the  bank’s  data  process¬ 
ing  infrastructure  and  about 


4,000  IT  workers  and  contrac¬ 
tors  to  IBM,  and  it  lets  J.P. 
Morgan  Chase  buy  computing 
capacity  as  needed. 

That  capability 
was  a  key  driver 
for  the  bank,  said 
Jim  Eckenrode,  an 
analyst  at  Tower- 
Group  in  Need¬ 
ham,  Mass.  J.P. 
Morgan  Chase 
was  left  with  ex¬ 
cess  computing  capacity  after 
the  bear  market  began  on  Wall 
Street  in  mid-2000,  he  noted. 

In  contrast,  Chicago-based 
Bank  One  has  brought  most  of 
its  IT  operations  back  in- 
house  since  late  2001  as  part  of 
a  program  that 
was  championed 
by  CEO  James  Di- 
mon  and  execut¬ 
ed  by  CIO  Austin 
Adams  [Quick- 
Link  25374]. 

The  two  banks 
“have  some  dif¬ 
ferences  in  terms 


of  their  operating  philoso¬ 
phies,  so  there  could  be  a  cul¬ 
ture  clash  between  the  two  or¬ 
ganizations,”  Eckenrode  said. 

Management  hierarchy  deci¬ 
sions  are  expected  to  affect  the 
outsourcing  vs.  insourcing  is¬ 
sue.  William  Harrison  Jr.,  J.P. 
Morgan’s  CEO,  initially  will 
head  the  new  company,  but  he 
plans  to  give  up  the  CEO  job  to 
Dimon  in  2006  while  remain¬ 
ing  as  chairman.  It’s  not  clear 
whether  Adams  or  J.P.  Morgan 
Chase  CIO  John  Schmidlin 
will  be  the  IT  chief.  Both  have 
been  named  to  serve  on  the 
bank’s  executive  committee. 

“A  lot  of  those  decisions 
haven’t  been  made  yet  on  the 
structure  of  the  organization,” 
a  spokesman  for  J.P.  Morgan 
Chase  said.  He  declined  fur¬ 
ther  IT-related  comment. 

Because  the  banks  aren’t  ex¬ 
pected  to  complete  their  inte¬ 
gration  effort  un¬ 
til  2007,  the  role 
of  outsourcing  “is 
the  $64,000  ques¬ 
tion,”  said  Bill 
Bradway,  an  ana¬ 
lyst  at  Financial 
Insights  in  Fram¬ 
ingham,  Mass. 

©  44122 


J.P.  MORGAN  CHASE 


92,900  employees 

$793  billion  in  assets 

Estimated  2003  IT 
budget:  $4.5  billion 


BANK  ONE 

71,200  employees 

$290  billion  in  assets 

Estimated  2003  IT 
budget:  $2  billion 


SOURCES:  COMPANY  STATISTICS 
AS  OF  SEPT.  30:  TOWERGROUP. 
NEEDHAM.  MASS. 


HThe  consumer 
has  become 
the  weakest  link  in 
the  trust  chain. 

ROBERT  6ARI6UE, 

CHIEF  INFORMATION  SECURITY 
OFFICER,  BANK  OF  MONTREAL 

messages  urging  them  to  go  to 
spoofed  Web  sites  where  they 
would  be  asked  to  provide 
sensitive  data.  Phishers  have 
also  gone  after  customers  of 
eBay  Inc.,  PayPal  Inc.  and  oth¬ 
er  e-commerce  companies. 

Robert  Garigue,  the  Toron¬ 
to-based  chief  information  se¬ 
curity  officer  at  Bank  of  Mon¬ 
treal,  said  that  when  the  bank’s 
customers  were  targeted  by 
a  recent  phishing  scam,  it 
worked  with  the  Royal  Canadi¬ 
an  Mounted  Police  and  the  FBI 
to  quickly  shut  down  a  bogus 
Web  site  hosted  by  a  service 
provider  in  the  U.S.  He  said 
cooperation  and  information 
sharing  are  crucial  to  stem¬ 
ming  the  phishing  problem. 
Garigue  thinks  phishing  is 


on  the  rise  because  increased 
security  measures  are  making 
it  harder  for  attackers  to  di¬ 
rectly  breach  enterprise  net¬ 
works.  “The  consumer  has  be¬ 
come  the  weakest  link  in  the 
trust  chain,”  he  said. 

Dave  Jevans,  chairman  of 
the  recently  formed  Anti- 
Phishing  Working  Group,  said 
the  number  of  unique  phishing 
scams  has  grown  to  about  five 
per  day.  That  compares  with 
an  average  of  1.5  attacks  daily 
before  the  holiday  season,  said 
Jevans,  whose  organization  has 
more  than  60  members,  in¬ 
cluding  financial  services 
companies  and  IT  vendors. 

Companies  whose  names 
are  used  in  scams  can  incur 
“substantial  operational  costs” 
if  they  have  to  change  pass¬ 
words  and  PINs  for  thousands 
of  customers,  said  Gartner 
Inc.  analyst  John  Pescatore. 

©  44118 


PHISHING  PRIMER 

To  learn  more  about  phishing  scams  -  and 
the  resources  available  for  fighting  them  - 
read  this  week’s  QuickStudy  on  page  44. 


Sun  Advances  N1  Effort 
With  CenterRun  Release 


BY  PATRICK  THIBODEAU 

Sun  Microsystems  Inc.  before 
the  end  of  this  quarter  plans  to 
release  its  own  version  of  the 
CenterRun  provisioning  tech¬ 
nology  it  acquired  last  year. 

Sun  officials  said  last  week 
that  the  first  release  won’t 
have  a  major  feature  enhance¬ 
ment,  but  instead  will  give  the 
provisioning  software,  which 
is  key  to  Sun’s  N1  strategy,  the 
look  and  feel  of  other  Sim 
products.  It  will  also  serve  as  a 
bug  fix  and  provide  improved 
integration,  they  said.  Sun 
gained  the  technology  when  it 
acquired  Redwood  City,  Calif.- 
based  CenterRun  in  August. 

Meanwhile,  Sun’s  effort  to 
simplify  data  centers  received 
a  key  user  endorsement  last 
week  from  Blue  Cross  Blue 
Shield  of  Massachusetts. 

The  Boston-based  health 
care  provider  is  adopting 
Sun’s  Java  Enterprise  System 
(JES),  which  for  an  annual  set 


fee  of  $100  per  employee  de¬ 
livers  an  integrated  software 
stack  that  includes  Sun’s  di¬ 
rectory,  application  and  portal 
servers  [QuickLink  41523]. 

BCBS  of  Massachusetts  has 
about  3,300  employees. 

Frank  Enfanto,  vice  presi¬ 
dent  of  operations  delivery 
and  information  security  at 
the  health  care  organization, 
said  JES  “gives  us  the  ability  to 
be  predictable  in  what  our 
costs  are  and  simplifies  our 
software  purchases.”  The  al¬ 
ternative  was  to  work  with  in¬ 
dividual  vendors  and  then  try 
to  integrate  the  applications, 
he  said. 

Even  if  Sun’s  per-employee 
pricing  approach  doesn’t 
prompt  other  vendors  to 
change  their  pricing  struc¬ 
tures,  IT  managers  can  use 
it  as  a  bargaining  chip,  said 
Stephen  O’Grady,  an  analyst  at 
RedMonk,  an  IT  analyst  firm 
in  Bath,  Maine.  ©  44119 


Superheroes  have  x-ray  vision.  IT  managers  have  OpenView. 


HP's  IT  service  management  solutions  let  you  see  how  each  event  affects  your  services  so  you  can  apply  your  resources 

more  intelligently.  You're  spending  up  to  80%  of  your  budget  maintaining  your  current  IT  operations,  and  they're  demanding  that  you  cut  costs?  This 
sounds  like  a  job  for  HP.  Our  OpenView  management  software  gives  you  the  power  to  see  your  entire  infrastructure  at  a  glance  and  to  control  it  from  a  services 
level.  The  results  are,  well,  super.  In  an  IDC  study,  enterprise  customers  who  used  OpenView  software  cut  management  time  in  half  while  increasing  server 


availability  by  79%!  Wouldn't  you  like  to  have  that  capability  in  your  utility  belt? 


HP  OPENVIEW  I  The  return  on  investment  gains  after  implementing 
I  HP  OpenView  management  software  is 
MANAGEMENT  I  unmatched  in  the  industry: 

SOFTWARE  |  ff  Productivity  (time  for  task)  improved  by  54% 

149%  reduction  in  time  to  identify  and  fix 
downtime  incidents 

■  79%  reduction  in  server  downtime 


Invent 


To  see 
at  ww' 


s  have  performed  for  custome 

866-476-3331. 
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SEC  May  Take 
Action  Against  CA 

Computer  Associates  International 
Inc.  said  it  was  notified  by  the  U.S. 
Securities  and  Exchange  Commis¬ 
sion  that  the  agency  is  consider¬ 
ing  civil  charges  against  the  com¬ 
pany  over  allegations  of  improper 
revenue  recognition.  Three  of  CA’s 
top  finance  executives  resigned  in 
October  after  an  internal  investi¬ 
gation  showed  that  the  company 
booked  some  sales  prematurely 
during  its  2000  fiscal  year. 


Judge  Reaffirms 
IE  Patent  Ruling 

A  federal  judge  reaffirmed  an 
August  jury  ruling  that  Microsoft 
Corp.’s  Internet  Explorer  browser 
infringed  on  a  patent  held  by  Eolas 
Technologies  Inc.  and  the  Universi¬ 
ty  of  California.  The  judge  ordered 
Microsoft  to  pay  $520.6  million  in 
damages  and  denied  a  motion  to 
suspend  the  ruling  until  the  U.S. 
Patent  and  Trademark  Office 
finishes  a  review  of  the  patent. 
Microsoft  said  it  plans  to  appeal. 


IBM  Reports  9% 
Revenue  Increase 

IBM  reported  $25.9  billion  in  rev¬ 
enue  for  last  year’s  fourth  quarter, 
up  9%  from  $23.7  billion  in  the 
last  three  months  of  2002.  Busi¬ 
ness  from  continuing  operations 
improved  in  all  major  regions, 
with  the  Americas  showing  a  4% 
increase  year  over  year.  However, 
IBM  said  that  increase  would 
have  been  just  1%  at  constant 
currency  rates.  Fourth-quarter 
profits  totaled  $2.7  billion. 


SAP’s  Sales  Hit  by 
Currency  Changes 

SAP  AG  released  preliminary  re¬ 
sults  for  the  fourth  quarter,  saying 
it  expects  to  report  a  3%  decline 
year  over  year  in  both  total  rev¬ 
enue  and  new  software  license 
sales.  But  the  business  applica¬ 
tions  vendor  added  that  both 
figures  would  be  up  by  4%  on 
a  constant  currency  basis. 
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Sears 


Target  Corp.,  for  instance, 
when  it  signed  a  major  out¬ 
sourcing  deal  with  IBM  Global 
Services  five  years  ago. 

Kelly,  who  has  been  CIO  at 
Sears  since  October  2002,  said 
the  company  spent  much  of 
the  past  year  assessing  its  IT 
infrastructure  and  saw  two 
options  to  address  the  weak¬ 
nesses  it  found:  “remediate 
it  internally  or  have  it  out¬ 
sourced.”  Sears  chose  the  lat¬ 
ter  for  its  desktops,  server 
farms,  routers,  voice  and  data 
network,  decision-support 
technology  and  systems  that 
support  Sears.com,  he  said. 

“There’s  no  competitive 
advantage  to  having  a  better 
e-mail  system  and  a  different 
type  of  voice  or  data  network,” 
Kelly  said.  “It’s  fundamentally 
a  commodity  that  can  be  pro¬ 
vided  better  as  a  service.” 

However,  Sears  won’t  out¬ 
source  its  in-store  retail  sys¬ 
tems  or  the  wireless  applica¬ 
tion  and  other  technologies 
that  support  its  product-repair 
service  business.  Kelly  said  the 
company  wants  to  invest  more 
time  in  creating  systems  that 
will  differentiate  Sears  from  its 
competitors. 

Kelly  said  Sears  is  evaluating 
service  providers  for  the  out¬ 
sourcing  contract  and  plans  to 
make  its  decision  by  early 
March.  The  Five  being  consid¬ 
ered  are  IBM  Global  Services, 
Hewlett-Packard  Co.,  Electron¬ 
ic  Data  Systems  Corp.,  Com¬ 
puter  Sciences  Corp.  and  Affil¬ 
iated  Computer  Services  Inc. 

Sears  will  continue  to  have 
project  managers,  architects, 
developers,  business  analysts 
and  testers  to  support  applica¬ 
tions,  operations  and  systems, 
Kelly  said.  It  will  also  provide 
direction  on  the  technologies 
being  outsourced. 

A  survey  conducted  by  the 
NRF  Foundation  and  Bearing- 
Point  Inc.,  which  was  released 
at  the  NRF  conference,  found 
that  26%  of  the  57  retail  execu¬ 
tives  polled  plan  to  make  out¬ 
sourcing/offshoring  a  strategic 
initiative  this  year.  The  top 
three  functional  areas  they 
said  they  would  outsource 


were  application  develop¬ 
ment,  integration  projects  and 
application  hosting.  Most  said 
they  would  do  so  to  cut  costs 
and  to  increase  the  focus  on 
core  competencies,  efficiency 
and  performance. 

“In  many  cases,  in  data  cen¬ 
ter  and  IT  operations,  the  in¬ 
frastructure  itself  has  to  be 
significantly  upgraded  before 
it  can  be  outsourced  and 
turned  over,”  said  Scott  Hardy, 
a  vice  president  in  Bearing- 
Point’s  retail  division.  He  said 
CIOs  assess  what  they’re  good 
at  and  then  typically  adopt  a 
hybrid  model,  choosing  to 
keep  some  functions  in-house, 
some  offshore  and  others 
“nearshore”  in  North  America. 

Sears  is  keeping  control  over 
its  in-store  systems  because  it 
plans  to  have  a  “new  genera¬ 
tion  of  selling  applications” 


that  give  customers  a  standard 
way  to  make  purchases,  re¬ 
gardless  of  channel,  Kelly  said. 

Kelly  said  that  within  30 
days,  Sears  will  select  a  point- 
of-sale  (POS)  applica¬ 
tion  and  an  operating 
system  that  will  run 
on  the  35,000-plus 
IBM  hardware  de¬ 
vices  it  started  rolling 
out  last  year.  Sears  is 
also  taking  bids  from 
third  parties  to  help 
with  integration. 

Sears’  DOS-based 
POS  systems,  which 
were  built  to  its 
specifications,  will  be  re¬ 
placed  by  a  POS  application 
running  on  either  Windows 
XP  Embedded  or  Linux,  said 
Kelly.  “The  issue  is  going  to 
turn  on  total  cost  of  owner¬ 
ship,”  he  said. 


In  addition  to  beefing  up  its 
enterprise  selling  systems, 
Sears  will  undertake  a  third 
major  initiative  that  will  focus 
on  a  new  integrated  tool  for 

merchandise,  assort¬ 
ment  and  demand 
planning.  Sears  plans 
to  choose  the  vendor 
within  30  days,  Kelly 
said. 

None  of  Sears’  up¬ 
coming  IT  initiatives 
involve  its  affiliate 
Lands’  End  Inc., 
which  continues  to 
have  its  own  IT  op¬ 
erations.  But  Sears 
plans  to  retool  its  systems  so 
that  Lands’  End  customers 
will  be  able  to  return  mer¬ 
chandise  at  Sears  stores,  Kelly 
said.  He  said  he’s  not  certain 
about  the  completion  date  for 
that  project.  ©  44112 


Medical  Insurer  Plans  IT  Giveaway 


BY  BOB  BREWIN 

Medical  insurer  WellPoint 
Health  Networks  Inc.  last 
week  announced  a  $40  million 
plan  to  provide  19,000  of  its 
contracting  doctors  with 
handheld-based  e-prescription 
systems  or  desktop  PCs  for 
use  in  reducing  the  paperwork 
associated  with  filing  insur¬ 
ance  claims. 

Dell  Inc.  will  provide  the 
handheld  and  desktop  hard¬ 
ware,  and  Microsoft  Corp.  will 
integrate  electronic  prescrip¬ 
tion  software  into  Dell’s  Axim 


IT  Choices 


HARDWARE: 

■  Dell  Axim  X3i  Pocket  PC 
handheld  computer  with  built- 
in  802.11b  Wi-Fi  modem 

■  Dell  Optiplex  GX270  desk- 

top  PC  with  Pentium  4  proc¬ 
essor,  plus  a  bundled  Dell 
P1500  laser  printer _ 

■  Cisco  wireless  access  points 

SOFTWARE: 

■  E-prescription  software  to 
be  integrated  by  Microsoft 

■  One-year  subscriptions  to 
an  e-prescribing  service 


handhelds  as  part  of  the  proj¬ 
ect.  WellPoint  CIO  Ron  Ponder 
said  the  company,  the  second- 
biggest  health  insurer  in  the 
U.S.,  will  offer  the  packages 
free  of  charge  to  doctors  in  the 
states  where  it  has  the  largest 
presence:  California,  Georgia, 
Missouri  and  Wisconsin. 

Thousand  Oaks,  Calif.-based 
WellPoint  will  also  make  the 
technology  available  to  its  oth¬ 
er  150,000  contracting  physi¬ 
cians  at  the  discount  rate  it  ne¬ 
gotiated  with  its  suppliers. 
Ponder  put  the  value  of  the 
packages  at  roughly  $2,100  per 
doctor,  but  he  declined  to  dis¬ 
close  the  cost  that  WellPoint  is 
paying  for  the  systems. 

The  insurer  isn’t  looking  at 
the  plan  from  a  traditional  re¬ 
turn-on-investment  point  of 
view,  Ponder  said.  Instead,  it 
expects  the  technology  to  help 
make  doctors  more  efficient 
and,  in  the  case  of  the  e-pre¬ 
scription  system,  to  potential¬ 
ly  reduce  medical  errors. 

In  January  2001,  General 
Motors  Corp.  took  a  similar 
approach  when  it  launched  a 
program  to  equip  5,000  doc¬ 
tors  who  treat  its  employees. 

It  planned  to  provide  them 
with  handheld  computers  that 
included  a  digital  medical 


records  system  and  online  ref¬ 
erence  materials.  But  Dell 
spokesman  Dean  Klein  said 
the  WellPoint  giveaway  is  the 
first  that  the  computer  maker 
knows  of  within  the  health 
care  industry  itself. 

Although  WellPoint  will  pro¬ 
vide  the  hardware  to  doctors, 
they  will  still  need  to  buy  their 
own  medical  practice  manage¬ 
ment  software,  Ponder  said. 

Barry  Heib,  an  analyst  at 
Gartner  Inc.,  said  electronic 
prescribing  will  have  “a  hard 
time  getting  off  the  ground” 
without  the  backing  of  insur¬ 
ers  like  WellPoint.  But  he 
added  that  WellPoint  may 
soon  find  out  that  not  all  doc¬ 
tors  like  the  way  e-prescrip¬ 
tion  technology  works.  The 
company  could  also  face  skep¬ 
ticism  from  doctors  who  view 
the  free  program  as  way  to 
lock  them  into  one  type  of  ap¬ 
plication  for  the  long  term. 

But  Steve  Shihadeh,  general 
manager  of  Microsoft’s  health 
care  and  life  sciences  group, 
said  he  expects  to  offer  doc¬ 
tors  a  choice  of  two  applica¬ 
tions.  Shihadeh  added  that  Mi¬ 
crosoft  is  still  negotiating  with 
e-prescription  developers  but 
hopes  to  make  its  choices 
within  30  days.  ©  44116 


POWER 


Chaos. 


Control. 


Take  control  of  your  Internet  security. 


Introducing  Proventia™  Enterprise  Protection  Products.  Just  because  Internet  threats  are 
complex,  doesn't  mean  your  security  has  to  be.  Finally,  a  single,  unified  protection  appliance 
that  protects  more  with  less,  eliminating  the  cost  and  chaos  of  multiple  stand-alone  security 
products.  Proventia’"  centrally-managed  products  range  from  detection  up  to  completely 
unified  and  proactive  multi-function  protection  appliances,  combining  firewall,  intrusion 
prevention  and  anti-virus  technologies.  Take  control  of  your  enterprise  security.  Switch  to 
Internet  Security  Systems  today.  800-776-2362.  www.iss.net/takecontrol. 
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IBM’s  Desktop  Focus  Is  on  Portals 


IBM’s  desktop  strategy  is  fo¬ 
cused  on  a  gradual  shift  to  portal 
technology.  A  Web-based  portal 
to  applications  residing  on  a 
server  could  be  accessed  on  the 
desktop  by  a  client  running  Lin¬ 
ux,  Windows  or  another  operat¬ 
ing  system. 

In  an  interview  last  month, 
Scott  Handy,  head  of  IBM’s  Linux 
desktop  strategy,  said  real  desk¬ 
top  savings  come  from  the  server- 
based  distribution  of  applications, 
which  can  cut  total  cost  of  own¬ 
ership  by  half.  Moving  to  a  Linux 
desktop  would  also  yield  cost  sav¬ 


ings,  he  said,  mostly  in  the  form  of 
lower  fees  for  licensing,  which  he 
pegged  at  about  20%  of  the  to¬ 
tal  cost  of  ownership. 

But  an  internal  memo  that  IBM 
CIO  Bob  Greenberg  wrote  in  No¬ 
vember  calls  for  a  Linux-based 
desktop.  “Our  chairman  has  chal¬ 
lenged  the  IT  organization,  and 
indeed  all  of  IBM  to  move  to  a 
Linux  based  desktop  by  the  end 
of  2005,”  Greenberg  wrote.  “This 
means  replacing  productivity, 
Web  access  and  viewing  tools 
with  open  standards  based 
equivalents." 


Trink  Guarino,  an  IBM  spokes¬ 
woman,  said  the  memo  was 
“meant  not  as  a  policy  directive” 
at  this  point.  Instead,  she  said,  it 
was  sent  as  a  way  to  "motivate” 
the  IT  organization  to  look  at  the 
possibilities  of  running  Linux  as 
the  desktop  operating  system  of 
choice  for  all  of  IBM’s  approxi¬ 
mately  300,000  employees.  But, 
Guarino  said,  “based  on  that 
memo,  I  would  have  to  say  we’re 
considering  it.” 

In  a  research  note  last  week, 
AMR  Research  Inc.  said  the  IBM 
memo  gave  credibility  to  the  idea 


of  a  Linux  desktop.  “More  imme¬ 
diately,  the  mere  suggestion  of 
IBM’s  dedication  will  frustrate  Mi¬ 
crosoft  and  its  partners’  efforts  to 
cast  doubt  upon  the  corporate 
suitability  of  an  open-source 
desktop,”  AMR  said. 

Microsoft  Corp.  officials, 
meanwhile,  downplayed  the 
memo’s  significance.  “IBM  is  an 
important  partner  and  customer 
for  Microsoft,”  the  company  said 
in  a  statement,  “and  Microsoft 
will  continue  to  work  with  IBM  to 
deliver  high  value  desktop  solu¬ 
tions  for  both  IBM  and  for  its  cus¬ 
tomers." 

-Patrick  Thibodeau 

and  Todd  R.  Weiss 


Continued  from  page  l 

Linux 

its  6,000  employees  to  Linux 
desktops,  Vice  Chairman 
Chris  Stone  said  last  week. 
“We’re  doing  it.  We’re  moving 
ail  of  our  employees  to  using 
Linux  desktops  internally,”  he 
said.  A  Novell  spokesman  said 
there’s  no  timetable  for  the 
move,  calling  it  “a  long-term, 
logical  progression.” 

Sun,  meanwhile,  uses  its 
Linux-based  Java  Desktop  Sys¬ 
tem  internally  and  started  sell¬ 
ing  it  late  last  year.  Peder 
Ulander,  Sun’s  desktop  solu¬ 
tions  marketing  director,  said 
IBM’s  interest  in  a  Linux  desk¬ 
top  is  “just  one  more  endorse¬ 
ment,  or  acknowledgment, 
that  we  are  probably  headed 
down  the  right  space.” 

Skeptical,  Yet  Eager 

Although  many  users  are  in¬ 
terested  in  seeing  what  these 
vendors  can  do  with  a  Linux 
desktop,  it  will  take  a  lot  to 
overcome  their  skepticism. 
Still,  users  are  eager  for  any 
desktop  alternative  that  the 
vendors  may  bring  to  the  com¬ 
petitive  landscape. 

Jeffrey  Campbell,  vice  presi¬ 
dent  of  technology  services 
and  CIO  at  Fort  Worth,  Texas- 


As  thousands  of  enterprise  IT 
users  head  to  the  LinuxWorld 
Conference  &  Expo  in  New  York 
this  week,  there’s  more  on  their 
minds  than  using  Linux  for  estab¬ 
lished  tasks  such  as  consolidat¬ 
ing  servers,  improving  security 
and  lowering  costs. 

Lt.  Fred  Wissing,  application 
development  services  supervisor 
for  the  New  Jersey  State  Police  in 
West  Trenton,  said  he’s  sending 
several  members  of  his  IT  team  to 
the  show,  which  begins  tomorrow 
at  the  Jacob  K.  Javits  Convention 
Center,  so  they  can  find  new 
ways  of  using  Linux  within  the  IT 
systems  of  the  state  police. 

“I’ve  been  wanting  for  a  long 
time  to  pull  the  trigger  on  the 
desktop”  and  use  Linux  for  all 
workers  to  do  their  jobs,  Wissing 


based  Burlington  Northern 
Santa  Fe  Corp.,  said  a  Linux 
desktop  alternative  “would 
merit  a  serious  review.” 

Campbell  cautioned  that  the 
price  could  be  less  compelling 
once  support  is  considered, 
and  he  said  security  may  also 
be  a  problem  with  Linux.  But 
he  said  the  growing  interest  in 
Linux  on  the  desktop  “could 
be  a  wake-up  call  for  Micro¬ 
soft  to  realize  that  there  may 
be  marketplace  alternatives.” 

Harry  Roberts,  CIO  at 
Boscov’s  Department  Store 


saicmhftroblem,  he  said,  is  that 
some  software  vendors  are  still 
using  old  programming  lan¬ 
guages  and  haven’t  made  the 
changes  needed  to  port  their  ap¬ 
plications  to  Linux.  Specifically, 
documenftanagement  systems 
and  case-tracking  applications 
used  by  the  state  police  aren’t  yet 
ready  for  the  open-source  operat¬ 
ing  system,  according  to  Wissing. 

“My  people  are  going  to  be 
there  with  a  mind-set  of  finding 
additional  ways  to  leverage  Linux 
here,”  he  said,  explaining  that 
they  would  be  looking  for  applica¬ 
tions  to  help  make  their  Linux  in¬ 
frastructure  even  more  robust 
and  finding  others  to  replace 
legacy  programs. 

Most  back-end  server  infra¬ 
structure  in  the  department  is  al- 


LLC,  a  40-store  operation 
based  in  Reading,  Pa.,  is  con¬ 
sidering  replacing  Windows 
NT  with  Linux  on  about  two- 
thirds  of  the  company’s  desk¬ 
tops  —  the  ones  used  by  em¬ 
ployees  who  aren’t  heavily  re¬ 
liant  on  Microsoft  applica¬ 
tions.  He’s  also  looking  at 
Sun’s  StarOffice  productivity 
suite. 

“We  will  look  at  the  TCO 
[total  cost  of  ownership]  and 
make  a  decision,”  said  Roberts. 
“We  certainly  think  it’s  a  good, 
attractive  platform.” 


ready  running  Linux  operating 
systems  from  SUSE  Linux  AG  or  : 
Red  Hat  Inc.,  helaid,  including 
database  and  application  server 
software.  • 

Tim  Kuchlein,  information  ser-  : 
vices  director  at  Clarity  Payment  ; 
Solutions  Inc.,  an  electronic  pay-  • 
ment  systems  processing  compa-  \ 
ny  in  New  York,  is  in  the  midst  of  : 
a  project  to  move  from  an  existing  * 
system  of  Red  Hat  7.3  on  Intel 
hardware  to  the  new  64-bit  SUSE  : 


ALSO  AT  LINUXWORLD 

Novell  will  announce  Linux  support  for 
its  Web  app  development  software. 

Major  database  vendors  will  disclose 
plans  to  strengthen  Linux  wares. 


But  Linux  on  the  desktop 
clearly  faces  an  uphill  battle. 
Users  may  be  interested,  but 
they’re  largely  unconvinced. 

TCO  a  Question 

“My  personal  belief  is  that  the 
jury  is  still  very  much  out  on 
the  issue  of  total  cost  of  own¬ 
ership  advantage  of  Linux 
over  Windows,”  said  Gordon 
Wishon,  CIO  at  the  University 
of  Notre  Dame  in  Indiana. 

The  big  vendors’  recent 
moves  “bode  fairly  well”  for 
Linux  on  the  desktop,  said 


Linux  OS  on  IBM's  PowerPC 
hardware.  Clarity  is  first  installing 
the  hardware  and  software  into 
its  disaster  recovery  site  to  do 
testing  and  configuring,  lt  will  lat¬ 
er  move  its  production  debit-card 
processing  systems  over  to  the 
new  equipment,  he  said. 

“We’re  aiming  to  have  the  test 
stuff  in  by  March  or  so  and  re¬ 
placing  all  systems  by  2005,” 
Kuchiein  said.  “The  deal  is  pretty 
much  done.” 

No  one  from  Clarity  will  attend 
LinuxWorld  because  the  compa¬ 
ny  has  gotten  the  information  it 
needs  through  its  established  re¬ 
lationships  with  Linux  vendors, 
Kuchlein  said.  “They’d  be  preach¬ 
ing  to  the  choir,"  he  said.  “We’ve 
been  very  happy  with  Linux.  For 
us  at  this  particular  time,  we 
know  what  we  want  to  do.” 

-  ToddR.  Weiss 


HjThe  growing 
interest  in 
desktop  Linux] 
could  be  a  wake-up 
call  for  Microsoft. 


JEFFREY  CAMPBELL,  CIO, 
BURLINGTON  NORTHERN  SANTA  FE 

Christopher  David,  the  chief 
technology  officer  for  Arling¬ 
ton  County,  Va.  But  he  said  it 
still  doesn’t  ease  his  concerns. 
David  worries  about  interop¬ 
erability  with  ERP  and  CRM 
applications,  as  well  as  back¬ 
end  systems.  Rather  than  tak¬ 
ing  the  Linux  desktop  route, 
the  county  has  embarked  on  a 
portal/server  strategy  to  “un¬ 
tether”  his  workforce  from 
their  desktops  and  give  them 
access  from  any  location. 

Mike  Taylor,  CIO  at  Todd 
Pacific  Shipyards  Corp.  in 
Seattle,  also  likes  the  portal 
strategy.  Taylor  plans  to  buy 
450  PCs  in  the  next  few 
months  and  estimates  that  he 
could  save  $20,000  by  moving 
to  Linux.  But  training  people 
on  a  new  system  would  quick¬ 
ly  absorb  that  savings,  he  said. 

The  portal  approach  would 
genuinely  lower  support  costs, 
“as  opposed  to  just  making  a 
cheaper  operating  system 
available,”  Taylor  said. 

©  44121 


Todd  R.  Weiss  contributed  to 
this  report. 
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LinuxWorld  20H:  Same  Show,  New  Linux  Directions 
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Microsoft 


Can  support  multiple  presenters  and  concurrent 
meetings  with  up  to  2,500  participants  per  session 


Simply  log  in  and  dial  in  and 
collaborate  like  never  before 


Hfe 


9  layers  of  security,  SSL  service 
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IBM  Plans  to  Resell  InfiniBand  Switches 


BY  LUCAS  MEARIAN 

IBM  last  week  said  it  has 
signed  a  five-year  agreement  to 
resell  InfiniBand  switches  for 


use  with  its  servers  and  storage 
devices,  a  move  that  could 
boost  the  once-touted  high¬ 
speed  interconnect  technology. 


IBM  plans  to  integrate  Top- 
spin  Communications  Inc.’s 
line  of  switches  with  its  eServ- 
er  systems  and  TotalStorage 


disk  and  tape  products.  The 
combined  offering  will  be 
aimed  at  high-performance 
computing  and  database  clus¬ 
tering  applications  as  an  alter¬ 
native  to  setups  based  on 
Gigabit  Ethernet  and  Fibre 


I1 


Strength  in  Numbers. 


13,500 


Yet,  there  are  other  numbers  important  to  Remedy.  Operating  cost  reductions,  improvements  in  customer 
satisfaction,  increased  employee  productivity,  shorter  time  to  value — the  bottom-line  numbers  you  will  achieve 
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Channel,  IBM  said. 

Mountain  View,  Calif.-based 
Topspin  currently  sells  4X  In¬ 
finiBand  switches  designed  to 
provide  I/O  throughput  of  up 
to  10Gbit/sec.,  and  it  plans  to 
add  12X  devices  that  would  be 
capable  of  30Gbit/sec.  data 
rates  later  this  quarter. 

Chuck  Kesler,  program  man¬ 
ager  for  grid  deployment  and 
data  center  services  at  MCNC 
Grid  Computing  &  Networking 
Services  in  Research  Triangle 
Park,  N.C.,  has  been  testing  a 
Topspin  switch  as  part  of  a  64- 
node  eServer  cluster.  The  In¬ 
finiBand  switch  connects  12  of 
the  nodes,  and  Kesler  said  he 
has  seen  an  I/O  performance 
boost  of  up  to  six  times  better 
than  Gigabit  Ethernet. 

MCNC  is  a  nonprofit  com¬ 
pany  that  provides  high-speed 
interconnection  services  to 
more  than  180  universities 
and  public  institutions  in 
North  Carolina.  Kesler  said  the 
biggest  performance  improve¬ 
ment  provided  by  Topspin’s 
switch  comes  from  the  elimina¬ 
tion  of  IP  management  layers. 

“It’s  not  that  we  didn’t  want 
to  go  with  Gigabit  Ethernet,” 
he  said.  “That’s  the  primary 
switch  interconnect  fabric  on 
our  clusters.  But  we  wanted  to 
look  at  a  second  option  for  low¬ 
er  latency  and  faster  speed.” 

Hype  Cools  Down 

InfiniBand  was  widely  hyped 
as  a  faster  data  center  inter¬ 
connect  technology.  But  the 
hype  died  down  in  late  2002, 
after  IBM,  Intel  Corp.  and 
Microsoft  Corp.  all  dropped 
plans  to  develop  their  own 
InfiniBand  products  [Quick- 
Link  35299]. 

Tony  Prigmore,  an  analyst 
at  Enterprise  Storage  Group 
Inc.  in  Milford,  Mass.,  predict¬ 
ed  that  IBM’s  deal  will  help 
InfiniBand  make  headway 
with  users  as  a  core  infrastruc¬ 
ture  technology  by  year’s  end. 

“It  definitely  will  start  as 
a  server-based  technology, 
which  will  have  low-latency 
advantages  for  applications,” 
Prigmore  said.  Once  InfiniBand 
establishes  itself  as  a  server 
clustering  technology,  users 
should  become  more  comfort¬ 
able  about  using  it  at  the  net¬ 
work  level,  he  added.  O  44062 
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PIMM  FOX 


Defying  Gravity 


THE  MOST  POWERFUL  software  company 
in  the  world  would  love  to  kill  it  off.  The 
most  ridiculous  software  company  in  the 
world  can’t  stop  suing  over  it.  Yet  Linux 
marches  triumphantly  onward  and  will  be  preening 
its  new-product  feathers  this  week  at  the  Linux- 
World  Conference  &  Expo  in  New  York. 


announced  that  they  had  found  a 
new  flaw  in  the  Linux  kernel  [Quick- 
Link  43947],  but  users  promptly 
shrugged  it  off  as  no  big  deal. 

“I  would  say  [Linux]  is  more  se¬ 
cure  than  Microsoft  and  other  envi¬ 
ronments,  because  the  code  is  looked 
over  by  so  many  people,”  explained 
John  Cahill,  senior  network  security 
engineer  at  Piedmont  Natural  Gas 
Co.  in  Charlotte,  N.C.  “It’s  so  widely 
available  that  any  vulnerability  can 
be  quickly  identified  and  patched.” 

■  A  U.K.-based  Web  site  published 
an  IBM  internal  memo  in  which  CEO 
Sam  Palmisano  challenged  his  com¬ 
pany  to  migrate  to  Linux  desktops 
and  other  open-source-based  tools 
wherever  possible  [QuickLink 
43887]. 

■  A  Linux  platform  for  govern¬ 
ment  and  corporate  users  in  Asia  was 
announced  by  Japan’s  Miracle  Linux 
Corp.  and  China’s  Red  Flag  Software 
Co.  [QuickLink  43887].  Japan,  China 
and  South  Korea  are  all  climbing  on 
the  Linux  bandwagon  in  hopes  of  di¬ 
minishing  the  dominance  of  Western 
software  companies  in  the  operating 
system  and  applications  markets. 

So  if  these  early  days  of  the  new 
year  are  any  indication,  Linux  and 
open-source  will  turn  out  to  be  the 
liveliest  technology  space  to  watch  in 
2004.  Who  says  flightless  birds  can’t 
defy  gravity?  O  44078 


Against  all  odds,  the 
open-source  operating 
system  has  steadily 
grown  up  from  grass 
roots  to  widespread  en¬ 
terprise  use,  adopted  by 
CIOs  and  senior  IT  man¬ 
agers  who  value  its  cost 
savings,  its  price/perfor¬ 
mance  and  the  alterna¬ 
tive  it  offers  to  a  lifetime 
sentence  of  Microsoft 
Windows.  Its  influential 
cadre  of  vendor  support¬ 
ers,  aggressively  led  by 
IBM  and  Hewlett-Packard,  now  in¬ 
cludes  all  the  major  software,  hard¬ 
ware  and  networking  vendors  (with 
the  notable  exceptions  of  Microsoft 
and  lawsuit-happy  SCO  Group,  of 
course). 

Even  the  lurking  shadow  of  SCO’s 
$3  billion  lawsuit  against  IBM  over  in¬ 
tellectual  property  rights  to  Linux  — 
and  the  pipsqueak  vendor’s  threats  to 
directly  sue  user  companies  —  has 
done  nothing  to  dampen  IT  or  busi¬ 
ness  enthusiasm.  No  fear.  No  uncer¬ 
tainty.  No  doubt.  In  fact,  the  past  two 
weeks  have  been  especially  busy  on 
the  penguin  watch.  Hardly  a  day 
passed  without  another  Linux  story 
bobbing  to  the  surface.  Consider  the 
following: 

■  SCO  finally  ended  10  months  of 
legal  foot-dragging  by  delivering 
some  of  the  infamous  disputed  code 
to  IBM  [QuickLink  44056].  At  last,  a 
look  at  the  smoking  gun?  Nah.  Not  a 
single  example  of  those  alleged  copy¬ 
right  violations  that  we’ve  all  heard 
about  ad  nauseam.  The  central  issue 
seems  to  be  boiling  down  to  contract 
language,  like  how  the  two  compa¬ 
nies  were  defining  things  like  deriva¬ 
tive  works.  Spare  us  the  details. 

W  Novell  stepped  forward  to  in¬ 
demnify  its  newly  acquired  SUSE 


MARYFRAN  JOHNSON  is 

editor  in  chiei  o:  Coirpit 
eworld.  you  c&n  contact 
her  at  matyfran Johnson® 


Linux  enterprise  cus¬ 
tomers  against  legal  ac¬ 
tions  by  SCO  [QuickLink 
44020].  HP  took  a  similar 
protective  stance  last 
September.  Sun  Micro¬ 
systems  also  shields  its 
customers  from  such 
legal  assaults.  It’s  time 
that  IBM  and  Red  Hat 
stepped  forward  to  do 
the  same,  isn’t  it? 

“Anybody  that  sells 
code  should  indemnify 
their  customers,”  as  ana¬ 
lyst  Bill  Claybrook  at  Harvard  Re¬ 
search  Group  Inc.  so  aptly  put  it  in 
our  story.  “If  they’re  selling  software 
products,  then  they  should  stand  be¬ 
hind  their  products.” 

■  Open  Source  Development  Labs 
Inc.  announced  its  $10  million  legal 
defense  fund  against  Linux  copy¬ 
right-infringement  lawsuits  by  SCO. 

■  Security  researchers  in  Poland 
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Tangible  Deal 
For  Virtual  IT 

IUST  20  MINUTES  after  the 
ink  was  dry  on  the  deal  for 
EMC  to  buy  VMware  Inc. 
ior  over  $600  million  in 
cash,  I  spoke  with  VMware 

CEO  Dianne  Greene  and  asked  her  to 
recount  the  drama  and  excitement  of 
the  acquisition. 

She  balked. 

She  wanted  to  talk  about  customers. 
She  wanted  to  tell  me  how  integrat¬ 
ing  storage,  networking  and  operating 
system  virtualization  was  going  to 
make  it  easier  and  cheaper  for  compa¬ 
nies  to  run  their  data  centers. 

She  told  me  it  made  sense  for  cus¬ 
tomers  that  VMware  didn’t  link  up 
with  a  proprietary  hardware  vendor 
such  as  IBM  or  Hewlett-Packard. 

She  told  me  how  Palo  Alto,  Calif.- 
based  VMware  would  retain  its  inde¬ 
pendent  sales  force 
and  added,  with  a  hu¬ 
mility  not  often  seen 
in  Silicon  Valley,  that 
VMware  was  lucky 
because  Linux’s  pop¬ 
ularity  made  it  com¬ 
monplace  for  data 
centers  to  confront 
multiple  operating 
systems. 

She  wanted  to  stick 
to  business 
That’s  reassuring, 
since  most  IT  mergers  are  perilous  at¬ 
tempts  at  cost  savings  that  ultimately 
hurt  customers. 

In  a  sense,  VMware’s  customers 
have  been  clamoring  for  a  combination 
of  virtualization  technologies  at  the 
corporate  level.  It  just  doesn’t  make 
sense  to  do  storage,  networking  and 
operating  system  virtualization  in  si¬ 
los.  And  customers  who  worry  about 
working  with  storage  vendors  other 
than  EMC  shouldn’t  be  concerned, 
since  Greene  said  that  as  an  indepen¬ 
dent  subsidiary,  VMware  will  continue 
to  share  application  programming  in¬ 
terfaces  with  other  storage  vendors. 

Combining  storage  and  networking 
virtualization  moves  the  technology 
from  a  tool  designed  for  server  consol¬ 
idation  to  a  strategic  part  of  IT  infra¬ 
structure.  It’s  the  way  to  provision  and 
monitor  performance,  control  access 
rights  and  maintain  clone  copies  of 
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IN  THIS  EDITION: 

See  how  companies  are 
evolving  from  the  tradi¬ 
tional  notion  of  disas¬ 
ter  recovery  as  part  of 
a  discrete  storage  and 
business  continuity 
operation  to  a  more 
holistic  view  of  infor¬ 
mation  protection  and 
recovery  that’s  rooted 
in  business  value. 


Information  Protection  Isn’t  About 
Cost;  It’s  About  Business  Value 


IT  SEEMS  EVERY  DAY  we  wake  up  to 
a  new  challenge  to  our  organization. 
Like  never  before,  the  engines  of  glob¬ 
al  economic  prosperity — people,  capi¬ 
tal,  infrastructure  and  information- 
need  to  be  managed  for  resiliency  in  the 
face  of  uncertain  yet  pervasive  risks. 

Information  Lifecycle  Management 
addresses  the  critical  concern  of  how 
best  to  protect  information  vital  to 
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commerce  and  public  safety.  The  end 
goal  is  an  information  infrastructure 
that  ensures  the  availability  of  critical 
information  anytime,  anywhere  across 
the  globe.  Achieving  this  goal  requires 
new  thinking,  technologies  and  manage¬ 
ment  expertise  needed  to  balance  trade¬ 
offs  in  cost,  risk  and  business  value. 

The  challenge  is  to  move  toward 
this  goal  aggressively  while  operating 
within  real-life  budgetary,  process  and 
technological  constraints.  Information 
Lifecycle  Management  helps  you  do 
that  by  aligning  the  various  classes  of 
critical  applications  and  data  across 
your  enterprise  to  the  appropriate  level 
of  protection  and  availability. 

According  to  Nancy  Marrone- 
Hurley,  a  senior  analyst  at  Enterprise 
Storage  Group,  a  research  company  in 
Milford,  Mass.,  applying  Information 
Lifecycle  Management  practices  to 
information  protection  and  recovery 
can  make  a  significant  difference. 
“Data  availability  is  one  thing,  and 
long-term  lifecycle  management  is 
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INFORMATION  PROTECTION:  WHY  NOW? 

.  NEW  REGULATORY  DRIVERS 

Sarbanes-Oxley,  HIPAA,  Basel  II,  InterAgency  White  Paper 

•  HIGHER  MARKETPLACE  EXPECTATIONS 

Traditional  Disaster  Recovery  which  relies  on  moving  tapes  from  a 
backup  site  to  a  hot  site  provides  a  24  to  72  hour  recovery  timeframe. 
Many,  if  not  most,  customers  won't  wait  that  long  before  switching  to 
a  competitor’s  product  or  service. 

•  BETTER  OPTIONS,  LOWER  EFFECTIVE  COST 

Hardware  and  telecommunications  costs  continue  to  decline  while 
new  availability  options  such  as  backup  and  replication  using  ATA 
storage  technologies  increase. 


another,”  she  says.  “The  latter  helps  you 
know  where  information  is,  how  to  ensure 
that  it’s  where  it’s  supposed  to  be  and  is 
readily  accessible.  Information  Lifecycle 
Management  helps  you  prove  the  integrity 
of  the  data  as  well.” 

Marrone-Hurley  and  other  experts  cite 
a  number  of  issues  that  make  a  lifecycle 
approach  to  data  protection  attractive. 
The  first  is  the  complexity  that  governs 
information  management.  Not  only  is 
information  growing  at  an  exponential 
rate,  but  it’s  becoming  increasingly  difficult 
to  detangle  applications  as  they  draw 
information  from  each  other.  “When  com¬ 
panies  had  a  fairly  siloed  approach  to 
applications,  there  were  well-defined 
boundaries,”  says  Colin  Rankine,  vice 
president  in  the  computing  infrastructure 
group  at  Forrester  Research  in  Cambridge, 
Mass.  “But  as  companies  migrate  to  a  dis¬ 
tributed  application  architecture,  applica¬ 
tions  have  become  interdependent.” 

The  issue  of  regulatory  compliance  is 
also  increasingly  high-profile.  HIPAA, 
Sarbanes-Oxley  and  Basell  II  are  just  a  few 
of  the  most  visible  new  regulations  that 
mandate  the  way  that  many  companies 
manage  and  protect  corporate  data.  With 
the  advent  of  this  new  regulatory  environ¬ 
ment,  companies  must  protect  information 
longer  and  have  the  ability  to  recover  faster. 
Moreover,  they  must  protect  the  right 
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data — and  know  when  it’s  time  to  delete 
information  that’s  outlived  its  function.  “It’s 
becoming  more  of  an  issue,  and  will  likely 
continue  as  more  regulations  appear  over 
the  next  couple  of  years,”  says  Rankine. 

Many  experts  recommend  the  follow¬ 
ing  steps  to  success  for  information  avail¬ 
ability  and  protection: 

LEAD  WITH  BUSINESS  REQUIREMENTS 

Many  CIOs  will  conduct  a  business  impact 
study,  which  requires  conversations  with 
line  of  business  (LOB)  peers  to  get  at  the 
true  business  value  of  each  application.  To 
say  it’s  a  ticklish  undertaking  is  to  state  the 
case  lightly,  says  Marrone-Hurley.  “It’s  very 
political,”  she  says.  “Nobody  in  the  organi¬ 
zation  is  going  to  think  that  their  business 
data  is  less  important  than  others’.” 

That’s  why,  companies  frequently  call 
in  outside  assessment  teams  to  help  con¬ 
duct  the  classification  study,  particularly 
in  industries  where  regulatory  compli¬ 
ance  is  an  issue.  “It  takes  a  lot  of  disci¬ 
pline,  and  outside  experts  can  provide 
some  very  helpful  objectivity,”  says 
Gregg  Therkalsen,  vice  president  of  busi¬ 
ness  continuity  solutions  at  EMC. 

Once  CIOs  have  an  idea  of  the  value  of 
each  application,  they  must  formally  classi¬ 
fy  them.  Therkalsen  advises  that  IT  execu¬ 
tives  use  at  least  three  different  categories 
of  service-level  importance: 

•  Mission-critical — This  includes  applica¬ 
tions  that  will,  if  interrupted,  result  in 
severe  financial,  regulatory  or  safety  issues 
for  the  company.  “We’re  talking  about  sys¬ 
tems  that  are  so  vital  that  if  they  are  taken 
down,  they’ll  severely  disrupt  the  company 
and  potentially  broad  sections  of  our  econ¬ 
omy,”  says  Therkalsen.  Recovery  time  for 
these  applications  will  be  in  seconds,  min¬ 
utes  or  several  hours. 

•  Essential — Therkalsen  classifies  most  sup¬ 
porting  business  systems,  such  as  financial 
analysis  applications,  in  this  category.  These 
systems  must  not  be  down  more  than  a  day. 

•  Deferrable — This  includes  applications 
that  contain  data  that  is  used  periodically, 
such  as  market  analyses.  These  applications 
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SOURCE:  EMC  RESEARCH  GROUP 

Forty-two  percent  of  US  IT  executives  are  willing  to  accept  data  loss  in  order  to  increase  distances 
to  their  secondary  sites.  European  IT  executives  are  less  likely  to  make  this  trade-off. 


DISTANCE  MATTERS 


Zero  data  loss  and  recovery  within  30  miles 


Some  data  loss  and  recovery 
outside  of  30  miles 


Zero  data  loss  and  recovery  within  30  miles 
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“Business 
value  isn’t 
always 
related  to 
monetary 
value.” 

— Nancy  Marrone- 
Hurley,  senior 
analyst,  Enterprise 
Storage  Group 


are  looking  at  a  recovery  time  of  24  hours 
or  longer. 

Marrone-Hurley  points  out  that  busi¬ 
ness  value  isn’t  always  related  to  monetary 
value.  Certain  kinds  of  data,  for  example, 
must  be  stored  according  to  levels  of  avail¬ 
ability  and  integrity  mandated  by  regulato¬ 
ry  compliance,  and  availability  service  lev¬ 
els  must  reflect  this. 

DESIGN  FOR  SUCCESS 

Armed  with  a  clear  agreement  on  the  critical 
classes  of  applications  and  data,  the  work  of 
designing  solutions  begins.  There  are  five 
key  design  principles  for  building  a  resilient, 
highly  available  information  infrastructure: 

Replication.  Information  is  typically 
backed  up  so  that  companies  can  recover 


FIVE  KEY  INFORMATION 
INFRASTRUCTURE  DESIGN 
PRINCIPLES 

.  REPLICATION 


•  GEOGRAPHIC  DISTANCE 

•  CONSISTENCY 
.  ACCESSIBILITY 

•  COST  AND  PERFORMANCE 


from  operational  failures  and  major  busi¬ 
ness  disruptions  as  well  as  archive  data  in 
accordance  with  business  and  regulatory 
requirements.  These  requirements  are  con¬ 
verging  and  should  be  viewed  as  one  enter¬ 
prise-level  business  requirement. 


Geographic  Distance.  Consolidating 
information  processing  into  one  center 
can  save  money,  but  it  also  creates  vulner¬ 
ability  to  a  single  risk  event.  Systems  need 
to  be  designed  for  both  economies  of  scale 
and  distribution  of  information  across 
suitable  distances. 

Consistency.  Data  and  applications  are 
often  backed  up  at  different  times  of  day  or 
week,  making  it  nearly  impossible  to 
“restart”  the  enterprise  at  a  single  point  in 
time.  Backup  and  replication  to  a  single 
point  in  time  is  a  critical  underpinning  of  a 
well  designed  infrastructure. 

Accessibility.  Anytime,  anywhere  access 
to  information  requires  geographically 
redundant  and  diverse  network  connectivi¬ 
ty  that  enables  workers  to  continue  opera¬ 
tions  from  various  remote  locations. 

Cost  and  Performance.  The  optimum 
design  provides  for  backup,  recovery  and 
high  availability  in  a  fashion  that  is  both 
cost-effective  and  enables  the  right  level  of 
protection  to  be  applied  to  the  appropriate 
class  of  applications  and  data. 

By  applying  different  levels  of  protection 
to  different  levels  of  information,  compa¬ 
nies  can  tie  the  right  price  and  performance 
levels  to  each  group  of  information.  “I 
compare  it  to  how  people  might  protect  per¬ 
sonal  information,”  says  Mark  Lewis,  the 
chief  technology  officer  at  EMC.  “The  most 
important  records  are  in  a  safe  deposit  box 
in  a  bank,  more  moderately  important 
records  in  a  fire  safe  in  the  house,  and  oth¬ 
ers  are  in  a  desk  drawer.  Each  method  has 
different  costs  associated  with  it  that  corre- 
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spond  to  the  business  value  of  the  data.” 

Further,  if  the  CIO  can  give  a  dollar 
value  to  the  different  levels  of  protection,  it 
allows  line  of  business  executives  to  make 
decisions  based  on  numbers,  not  technical 
jargon.  “It  enables  the  CIO  to  go  to  a  busi¬ 
ness  executive  and  say,  ‘If  your  applications 
are  vital,  protecting  them  will  mean  an 
investment  of  X  dollars.  If  you  don’t  think 
you  want  to  pay  that,  you  can  have  less 
protection  for  Y  dollars,’”  Marrone-Hurley 
says.  “This  allows  the  LOB  executive  to 
weigh  information  protection  in  terms  of 
what  it’s  going  to  do  to  his  P&L,  and  they 
can  begin  to  cost- justify  the  investment  nec¬ 
essary  to  protect  each  level  of  application.” 


QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 

questions  about 

Information  Lifecycle 

Management — and  how 

you  can  begin 

implementing  such  a 

strategy — send  them  to 

ilm_questions@emc.com. 

We’ll  answer  the  most 

frequently  asked 

questions  later  in 

this  series. 


MANAGE  CHANGE 

Of  course,  shortly  after  you  classify  your 
applications  and  design  and  implement  the 
appropriate  level  of  protection,  your  busi¬ 
ness  requirements  will  change  and  new 
processes  and  technologies  will  be  intro¬ 
duced.  Any  protection  and  availability  pro¬ 
gram  that  does  not  anticipate  and  allow  for 
this  fact  is  seriously  flawed. 

Ron  Williams,  a  senior  manager  at  the 
operation  center  at  EarthLink,  a  $1.3  billion 
ISP  based  in  Atlanta,  says  his  company  is 
working  on  a  tiered  storage  strategy  as  a 
way  of  managing  burgeoning  data  caches  in 
conjunction  with  business  value.  “What 
EMC  has  been  doing  for  a  while  is  providing 
the  ability  to  move  data  that  needs  to  be 
accessed  faster  to  storage  that  can  deliver  it 
faster,”  he  says.  “So  much  data  changes  in 
value  so  fast,  so  we  need  to  seamlessly  tie 
tiers  together.” 

Building  a  successful  alignment  strategy  is 
an  ongoing  process,  stresses  Therkalsen. 
“New  applications  are  introduced  so  fast 
that  we  recommend  revisiting  [a  strategy] 
quarterly,  and  at  a  minimum  twice  annual¬ 
ly,”  he  says.  “If  you  don’t  turn  this  into  a 
regular  business  practice,  you’ll  have  to 
repeat  the  process  from  scratch  a  year  later.” 

More  and  more,  companies  can  use 
tools  to  create  automated  service  policies 
for  each  level.  “That’s  the  value-add  we 
expect  to  see  in  software  solutions,”  says 


FIVE  KEY  ENABLING 
TECHNOLOGIES 


■  CLUSTERING 


Automatic  failover  to  a  secondary  site 


E  OPTICAL  AND  SONET 
TRANSPORT 


High-speed  data  transport  for  data 
replication  and  failover 


ENTERPRISE-CLASS  BACKUP 


Enterprise-wide  data  backup,  leveraging 
backup-to-disk  technologies  such  as  ATA 
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ocal  and  long-distance  duplication  of 
data  to  ensure  a  consistent  restart  for 
the  enterprise 
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Marrone-EIurley.  “We’ll  see  more  intelli¬ 
gence  going  into  software  where  it  moni¬ 
tors  service  levels  and  sets  policies.” 

In  an  era  of  global  data  centers  and  com¬ 
panies  that  have  tightly  intertwined  supply 
chains  with  partners  and  distributors,  the 
ability  to  protect  information  is  increasing¬ 
ly  vital  to  the  success  of  the  enterprise.  As 
such,  companies  must  manage  this  task  at  a 
very  high  level,  and  make  sure  that  their 
protection  and  recovery  policies  are  driven 
by  the  value  of  the  information  first  and 
foremost.  Information  Lifecycle  Manage¬ 
ment  can  help  do  that. 

“Our  vision  of  Information  Lifecycle 
Management  is  a  very  integrated  function 
where  you  can  specify  types  of  information 
protection  and  recovery,”  says  Lewis. 
“Information  protection  is  something  that 
companies  must  take  very  seriously.” 


NEXT:  In  the  next  part  of  this  series, 
we’ll  look  at  new  compliance  and 
governance  regulations. 

£]yj£2  FOR  MORE  INFORMATION 

where  information  lives  Visit  WWW.emC.COITl/ilm 

for  an  in-depth  look  at  Information  Lifecycle 
Management  products,  services  and  strategies. 
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your  application  stack.  It  also  lets  you 
take  a  running  virtual  operating  system 
that’s  already  network-connected  and 
move  it  across  machines  while  transac¬ 
tions  are  occurring.  It’s  an  effective 
way  to  add  memory  and  do  load  bal¬ 
ancing.  And  this  takes  hours  rather 
than  days.  Clones  for  disaster  recovery 
aren’t  as  much  of  a  headache,  and  you 
can  move  pools  of  machines  to  where 
they’re  needed. 

Gartner  analyst  Thomas  Bittman 
says  enterprises  should  change  their 
thinking  about  consolidation  and  pur¬ 
sue  a  server  virtualization  strategy 
rather  than  a  server  consolidation  proj¬ 
ect.  EMC’s  purchase  of  VMware 
should  make  that  easier  to  accomplish. 
O  43988 


THORNTON  A.  MAY 


Rethinking 

Vendor 

Management 


an n 

JL 


HE  RELATIONSHIP 
between  corporate 
IT  and  vendors  has 


never  been  worse.’: 


This  is  the  unambiguous  conclusion 
of  high-impact  IT  practitioners  who 
recently  attended  executive  sessions  at 
UCLA,  UC  Berkeley  and  Ohio  State. 

Research  being  conducted  by  schol¬ 
ars  at  the  business  schools  of  these 
universities  indicates  that  among  the 
many  IT  processes  requiring  a  funda¬ 
mental  rethink  in  2004,  the  one  that’s 
most  broken  and  in  need  of  immediate 
remediation  is  vendor  management. 

In  conjunction  with  the  “Managing 
the  Information  Resource”  program  at 
UCLA,  we  asked  IT  leaders  the  follow¬ 
ing  two  questions: 


1.  How  satisfied  are  you  with  your  vendors? 

■  Very  satisfied:  20% 

■  Somewhat  satisfied:  20% 

■  Somewhat  dissatisfied:  50% 

■  Very  dissatisfied:  10% 

2.  How  satisfied  are  you  with  current  vendor 
management  practices? 

•  Very  satisfied:  2% 

■  Somewhat  satisfied:  8% 

■  Somewhat  dissatisfied:  30% 

•  Very  dissatisfied:  60% 

r  We  could  easily  use  the  rest  of  this 
article  (and  about  120  doctoral  disser¬ 
tations)  to  discuss  “What  IT  Leaders 
Say  Vendors  Do  Wrong.”  The  top  four 


complaints  we  hear  most 
frequently  are: 

■  They’re  always  selling, 
never  solving. 

■  It’s  always  about  them, 
never  about  us. 

■  They  offer  very  few  true 
insights  or  actual  solutions. 

■  They  bombard  us  with 
much-too-complicated 
billing  and  labor-intensive 
account-relationship  admin- 
istrivia. 

Instead  of  whining  about 
how  bad  they  are,  let’s  take 
the  high  ground  and  create  a 
win-win  environment  by  instituting  a 
multistep  “full-value  vendor  manage¬ 
ment  program.” 

STEP  1:  Circle  the  Wagons 

You  have  to  lock  down  rogue  IT 
spending  and  re-establish  absolute 
control  over  dollars  spent  for  IT.  The 
chief  financial  officer  can  help  you. 

One  of  the  biggest  concerns  IT  lead¬ 


ers  have  regarding  vendor 
management  is  “shadow 
IT”  (i.e.,  vendors  that  sneak 
into  the  enterprise  by  going 
around  IT-managed  pro¬ 
curement  processes). 

STEP  2:  Open 
The  Kimono 

Assuming  you  have  a 
nondisclosure  agreement 
in  place,  share  with  your 
entire  vendor  community 
your  IT  environment  and 
strategy.  If  possible,  share 
with  them  how  you’ll  mea¬ 
sure  success  and  how  much  money 
you  plan  to  allocate  to  various  problem 
areas.  Vendors  spend  a  huge  amount  of 
effort  trying  to  determine  if  a  given 
problem  area  “has  budget.”  Save  your¬ 
self  and  them  some  hassle.  Tell  them. 

STEP  3:  Compartmentalize 
Your  Vendors 

A  powerful  insight  emerging  from  new 


research  on  best  practices  is  that  there 
are  two  distinct  approaches:  “run  the 
business”  or  “change  the  business.” 
Seldom  are  both  ways  of  applying  best 
practices  pursued  at  the  same  time 
within  IT.  But  they  should  be. 

In  other  words,  I  envision  IT  man¬ 
agers  working  with  two  sets  of  vendor 
teams.  The  first  includes  the  vendors 
they  pay  to  run  today’s  business  plat¬ 
forms  (“run  the  business”).  The  sec¬ 
ond  team  of  vendors  is  used  for  proto¬ 
typing  and  problem-solving  for  the  op¬ 
portunity  to  deploy  the  next  business 
platform  (“change  the  business”).  This 
two-track  approach  ensures  that  the 
incumbent  vendor  doesn’t  take  the 
business  for  granted. 

By  following  these  steps,  it’s  possible 
that  vendor  management  won’t  be  on 
your  fix-it  list  in  2005.  ©  43991 

WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 
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Records  Managers  Do  Deliver  Value 


According  to  analyst  Alan 
Pelz-Sharpe  in  the  story 
“Records  Management:  A  Neglect¬ 
ed  Discipline"  [QuickLink  43004], 
“Nobody  wants  to  do  [records  man¬ 
agement]  work.  It’s  boring,  and 
there’s  no  R0I.”  That’s  because  it’s 
a  specialty  profession. 

Lots  of  jobs  are  perceived  to  be 
boring  and  to  have  no  ROI  -  by  the 
people  who  don’t  do  them.  But 
those  jobs  are  essential  to  organi- 


THE  ARTICLE  “Cybersecurity  De¬ 
bate  Heats  Up"  [QuickLink 
43560]  quotes  Richard  Clarke  as 
saying  that  "if  industries  don’t  orga¬ 
nize  and  require  quality  assurance 
standards  in  the  products  they  buy, 
then  they  get  what  they  deserve.” 

The  problem  is  that  the  industry 
is  so  locked  into  a  single  vendor 
that  companies  have  little  credibility 
in  “requiring”  anything.  Having 
bought  operating  systems,  produc¬ 
tivity  suites  and  all  manner  of 
servers  from  a  single  vendor,  they 
have  a  huge  investment  at  stake. 

Moreover,  the  software  they’ve 
developed  in-house  or  bought  from 
third-party  vendors  is  for  the  most 
part  designed  specifically  to  run  on 
the  primary  vendor’s  operating  sys- 


zations.  Boring?  Hardly.  I  am  re¬ 
sponsible  for  all  of  my  company’s 
information  and  records,  regardless 
of  physical  form.  And  in  this  day  of 
Sarbanes-Oxley,  everyone  sudden¬ 
ly  cares  about  how  that  stuff  is  be¬ 
ing  retained.  Records  managers 
make  the  connections  between 
parts  of  an  organization.  We  know 
how  the  information  fits  together. 
And  when  the  litigation  hits  the  fan, 
we’re  the  people  who  figure  out 


tern.  Even  Web  applications,  which 
shouldn’t  be  dependent  on  a  spe¬ 
cific  browser,  often  are  crafted  so 
that  they  won’t  work  on  diverse 
client  platforms. 

Customers  and  business  part¬ 
ners  of  a  locked-in  company  also 
incur  a  degree  of  lock-in,  since  ex¬ 
tranet  Web  sites  require  the  “right” 
browser  and  operating  system. 

The  first  step  toward  indepen¬ 
dence  is  to  require  developers  to 
build  applications  that  will  run  on  a 
wider  array  of  client  platforms.  This 
will  cost  more  in  the  short  run,  but 
over  time,  it  will  increase  cus¬ 
tomers’  leverage  and  allow  them  to 
credibly  demand  improvements. 
Rick  Montgomery 
Powhatan,  Va. 


what’s  needed  to  respond. 

No  ROI?  My  job  is  to  keep  ven¬ 
dors  from  allowing  folks  in  my  com¬ 
pany  to  make  the  mistake  of  keep¬ 
ing  everything  forever.  We  reduce 
the  volume  of  records  being  stored 
and  ensure  that  records  are  de¬ 
stroyed  regularly  and  in  accordance 
with  approved  schedules.  Having 
that  consistency  of  program  en¬ 
sures  that  a  company  won’t  be  ac¬ 
cused  of  haphazard  records  de¬ 
struction.  That  consistency  helps  to 
win  lawsuits.  Records  managers 
want  to  do  this  work.  We  find  it  ex¬ 
citing,  and  we  provide  an  ROI  for 
our  employers.  For  more  informa¬ 
tion  on  records  managers  or 
records  management,  visit  www. 
ARMA.org. 

Patrick  Cunningham,  CRM 

Corporate  records  manager, 
Brookfield,  III. 

IT’S  IMPORTANT  TO  NOTE  that  no 
single  product  can  solve  regula¬ 
tory  shortcomings  for  an  unpre¬ 
pared  company.  Compliance  is  a 
process,  not  a  product,  and  IT  de¬ 
partments  that  would  like  to  control 
their  own  destiny  -  i.e.,  not  risk  get¬ 
ting  their  CIO  thrown  in  jail  by  out¬ 
sourcing  to  a  company  unfamiliar 
with  specific  business  practices  - 
need  to  perform  due  diligence,  read 
the  rules  and  do  the  research  need¬ 
ed  to  tailor  a  compliant  records  en¬ 


vironment.  No  two  compliant  envi¬ 
ronments  are  alike. 

Analyst  Alan  Pelz-Sharpe’s  posi¬ 
tion  that  there  is  "no  ROI”  in  records 
management  also  seems  a  bit 
shortsighted.  What  IT  director 
wouldn't  like  to  tell  his  CIO  that  he 
kept  him  out  of  jail?  That  sounds 
like  quite  an  ROI  to  me.  Plus,  the  im¬ 
plementation  of  a  paperless  office 
system  and  the  elimination  of 
archival  file  cabinets  have  saved 
thousands  of  dollars  in  rented  floor 
space,  paper  costs  and  payroll.  It 
doesn’t  take  much  creativity  to  tie  a 
faster,  more  efficient  information  re¬ 
trieval  system  into  a  nice  ROI  figure. 
Bill  Kouzi 

Vice  president  of  sales, 
LaserFiche  Document  Imaging, 
Long  Beach,  Calif, 
info@laserfiche.com 
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E-mail:  letters@computerworld.ccm. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 
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A  CIO  Insight  survey  of  IT  execs  revealed  this  startling  news:  42%  of  the  execs  polled  spent  an  average  of  29  cents  out 
of  every  IT  dollar  (!)  “maintaining  and  managing  excess  complexity.”1  Instead,  simplify.  That’s  what  the  on  demand  world 
demands. You  can  do  it  with  IBM  eServer™  xSeries® systems  powered  by  Intel®  Xeon™  processors.  Not  only  do  they  have 
built-in  self-management  features  that  can  help  improve  server  availability,  they’re  also  time-tested  and  reliable.  For  more 
information,  download  WhyX,  an  in-depth  guide  to  xSeries  systems  at  ibm.com/eserver/advantage 


5  reasons  more  and  more  businesses  are  turning  to  IBM  eServer  xSeries  systems. 
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IBM  eServer  xSeries  systems  are  powered 
by  Intel  Xeon  processors.  (And  they  may  very 
well  cost  less  than  you  think.) 


CIO  Insight,  a  Ziff  Davis  Media  publication,  January  2003  survey  ot  almost  500  IT  executives. 'Additional  charges  apply.  Standard  support  includes  next  business  day  response  in  some  countries.  IBM.  the  e  business 
logo,  eServer,  the  eServer  logo  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel.  Intel  Inside,  the  Intel  Inside  logo 
and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 
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i  ui)Y  CA'i 01  I  director  of  the  systems  architecture  group  at  the  Philadelphia  Stock  Exchange: 

We  just  reallocated  2TB  of  storage  the  other  week.  It  took  all  of  an  hour  to  plan,  and  15  minutes  to  execute 


Three  case  studies 
show  how  a  unified 
view  of  storage 
resources  can  reduce 
application  downtime 
and  save  money. 

By  Robert  L.  Scheier 

torage  virtualization  isn’t  new.  It 
has  been  done  for  decades  on  main¬ 
frames,  and  almost  every  storage 
vendor  claims  to  offer  virtualization 
across  at  least  some  of  its  products. 

By  creating  a  single  view  of  multiple 
storage  devices,  virtualization  can  simplify  and  thus 
lower  the  cost  of  storage  management.  It  can  also  re¬ 
duce  the  number  of  new  arrays  a  company  buys  by 
combining  data  from  multiple  servers  or  applications 
into  a  shared  pool  of  storage.  That  provides  an  alter¬ 
native  to  buying  more  storage  for  one  overtaxed  serv¬ 
er  while  disk  space  sits  empty  on  the  server  beside  it. 

But  storage  managers  need  to  remember  that  not  all 
virtualization  is  created  equal.  In  many  cases,  a  ven¬ 
dor’s  virtualization  offering  works  only  (or  works  best) 
on  its  own  hardware,  while  most  organizations  own 
storage  hardware  from  many  vendors.  Some  virtual¬ 
ization  products  work  only  on  file-level  devices,  which 
store  and  retrieve  information  as  files,  while  others 
work  on  the  level  of  blocks  (the  smallest  form  in  which 
data  can  be  stored  and  retrieved  on  storage  devices). 

Some  vendors  tout  the  benefits  of  doing  virtualiza¬ 
tion  on  the  server,  while  a  growing  number  claim  it 
should  be  done  on  the  “fabric”  that  links  storage  de¬ 
vices.  But  such  technical  arguments  “typically  focus 
on  details  where  one  vendor  can  differentiate  himself 
from  another,”  says  Randy  Kerns,  a  partner  at  Evalua¬ 
tor  Group  Inc.  in  Greenwood  Village,  Colo.  He  sug¬ 
gests  storage  customers  develop  a  strategy  around 
their  near-  and  long-term  business  needs. 

Users  shouldn’t  look  at  virtualization  as  a  product 
or  a  feature  in  its  own  right,  but  as  an  enabling  tech¬ 
nology  to  solve  business  problems,  says  Steve  Ken- 
niston,  a  technology  analyst  at  Enterprise  Storage 
Group  Inc.  in  Milford,  Mass. 

For  the  fastest  possible  data  backup,  he  says,  a 
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company  might  choose  to  perform  virtualization 
on  a  dedicated  server  such  as  a  network-attached 
storage  appliance  that’s  optimized  for  serving  up 
logical  storage  volumes.  If  a  company  wants  to  flexi¬ 
bly  move  data  among,  say,  servers  running  different 
operating  systems,  it  might  instead  opt  for  fabric- 
based  virtualization  in  which  switches  linking  the 
storage  devices  have  the  intelligence  to  reformat 
data  as  needed. 

Similarly,  a  company  building  a  new  storage  infra¬ 
structure  has  the  luxury  of  choosing  switches  and 
software  that  support  fabric-based  virtualization 
from  the  start,  Kenniston  says,  whereas  one  that  has 
invested  in  expensive  storage-area  network  (SAN) 
switches  might  opt  for  lower-cost,  if  somewhat  slow¬ 
er,  virtualization  software  running  on  a  host. 

Here’s  how  three  customers  focused  on  the  busi¬ 
ness  problems  and,  as  a  result,  are  seeing  the  benefits 
of  virtualization  today. 

Unused  Terabytes 

CUSTOMER  Philadelphia  Stock  Exchange  Inc. 

PROBLEM:  Unable  to  reallocate  storage  without  unaccept¬ 
able  application  downtime 

TECHNOLOGY  Foundation  Suite,  Volume  Manager  from 
Veritas  Software  Corp. 

Virtualization  has  solved  one  big  problem  for  Tony 
Catone,  director  of  the  systems  architecture  group  at 
the  Philadelphia  Stock  Exchange.  But  he  has  two 
more  challenges  he’s  hoping  virtualization  vendors 
will  tackle,  and  soon. 

The  problem  virtualization  has  eliminated  is  under¬ 
use  of  the  terabytes  of  storage  that  were  direct- 
attached  to  the  stock  exchange’s  application  servers 
two  years  ago.  It  would  have  taken  “days  of  planning 
and  hours  of  downtime”  to  reallocate  storage  among 
critical  servers,  Catone  says,  so  the  exchange  simply 
added  more  storage  to  each  server  as  needed.  That 
kept  vital  applications  running  but  was  inefficient 
because  the  exchange  was  buying  new  storage  for 
some  servers  while  storage  sat  unused  on  others. 

By  moving  to  Brocade  switches,  EMC  Symmetrix 
systems  and  Hitachi  Data  Systems  SANs,  Catone 
has  increased  storage  utilization  from  50%  to  75% 
and  saved  $500,000  by  reassigning  unused  storage 
among  applications  rather  than  buying  new  disks. 
“We  just  reallocated  2TB  of  storage  the  other  week,” 
he  says.  “It  took  all  of  an  hour  to  plan  and  15  minutes 
to  execute.” 

The  SANs  now  provide  storage  for  the  stock  ex¬ 
change’s  Tier  1  transactional  applications,  as  well  as 
Tier  2  applications  such  as  decision  support.  Tier  3 
consists  of  archival  data  stored  on  tape.  Next  year, 
Catone  says  he  plans  to  move  the  Tier  3  data  to  SCSI 
or  Advanced  Technology  Attachment-based  disk 
drives  to  provide  relatively  low-cost,  but  rapid,  re¬ 
trieval  of  archived  data,  since  “there  are  times  when 
we  want  to  be  able  to  [recover]  data  within  15  min¬ 
utes  or  a  half  hour  from  five  years  ago.” 

The  second  capability  Catone  wants  from  virtual¬ 
ization  is  automated  migration  of  12TB  of  data  among 
different  storage  systems  based  on  preset  criteria 
such  as  the  age  of  the  data,  the  capacity  of  the  disks 
on  which  it’s  stored,  or  file  or  data  type.  He  would 
like  to  see  virtualization-based  storage  management 
tools  that  could  perform  this  function  instead  of  high¬ 
ly  paid  application  developers  and  database  adminis- 
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STORAGE  VIRTUALIZATION: 

Provides  an  abstraction  layer  that  separates 
the  user  view  from  storage  implementation 

n  Makes  physical  pathing,  device  characteristics 
and  physical  data  location  invisible  to  the  user 

i  Provides  location  and  implementation  transparency 

fi  Enables  transparent,  on-the-fly  reconfiguration 
of  resources 

ra  Allows  data  location  changes  that  are  transparent 
to  the  host  system 

BENEFITS  INCLUDE: 

b  Improved  utilization  of  storage  resources 
a  Reduced  application  downtime 
i  Simplified  storage  management 
«  Potential  cost  savings  on  storage  assets 


trators  whose  time  could  be  better  spent  developing 
revenue-enhancing  applications. 

Automated,  policy-driven  migration  would  require 
virtualization  to  solve  Catone’s  third  problem:  shar¬ 
ing  storage  among  servers  running  different  operat¬ 
ing  systems.  He  hopes  that  virtualization  performed 
on  the  fabric  of  switches  and  other  hardware  in  stor¬ 
age  networks  will  eventually  mask  the  differences 
between  files  used  by  different  operating  systems. 


Improved  Storage  Prescription 

CUSTOMER.  Denver  Health  Medical  Center 

BUSINESS  PROBLEM:  Underutilized  direct-attached  storage; 

need  for  seamless  disaster  recovery 

VIRTUALIZATION  PRODUCTS:  IP  SAN  from  LeftHand 
Networks  Inc. 

Jeff  Pelot  has  already  seen  the  reality  of  virtualiza¬ 
tion,  when  he  watched  four  Network  Storage  Mod¬ 
ules  (NSM)  from  LeftHand  Networks  come  up  as  he 
installed  an  IP  SAN  at  the  Denver  Health  Medical 
Center. 

“We  plugged  the  things  in,  turned  them  on;  they 
came  up  and  recognized  each  other  as  a  contiguous 
storage  device,  even  though  they  were  physically 
separated  by  a  couple  of  buildings,”  recalls  Pelot,  the 
health  care  provider’s  chief  technology  officer. 

The  3,700-employee  hospital  currently  has  a  split 
environment  of  Fibre  Channel  SANs  in  the  form  of 
two  Clariion  products  from  Hopkinton,  Mass.-based 
EMC  Corp.  They  were  purchased  in  2001  and  2002  to 
escape  the  cycle  of  buying  more  disks  whenever  one 
of  the  medical  center’s  97  servers  failed  and  to  keep 
up  with  a  50%-per-year  growth  in  storage  demand. 
Pelot  put  3TB  of  data  from  critical  patient-care  sys¬ 
tems,  as  well  as  e-mail  and  other  departmental  appli¬ 
cations,  on  the  Clariions  but  kept  a  beta-testing  rela¬ 
tionship  with  Boulder-based  LeftHand. 

Although  the  Clariions  provided  more  efficient 
provisioning  and  improved  data  protection  and  re¬ 
covery  compared  with  direct-attached  storage,  Pelot 
hoped  IP  SANs  could  provide  similar  performance  at  a 
lower  price,  as  well  as  simplified  management  through 
virtualization.  In  early  2002,  he  became  LeftHand’s 
first  customer,  buying  two  NSMs  for  the  hospital  data 
center  and  two  more  for  a  network  wiring  closet. 

“When  I  look  at  my  EMC  SAN,  I  have  two  frames, 


and  they  mirror  each  other  completely.  That  doubles 
the  cost  to  manage  whatever  storage  I  have,”  says 
Pelot.  In  contrast,  the  single  console  interface  Left- 
Hand  provides  is  “very,  very  intuitive”  and  allows  a 
single  administrator  to  manage  the  EMC  as  well  as 
the  LeftHand  environments,  he  says. 

When  the  hospital  provides  him  with  more  space 
in  a  new  building,  Pelot  will  use  snapshot,  remote 
copy  and  asynchronous  replication  to  duplicate  data 
between  the  NSMs  in  his  current  data  center  and  the 
new,  more  secure  location.  “I  don’t  have  to  duplicate 
my  environment  to  still  maintain  high  availability 
and  disaster  readiness,”  he  says. 

Pelot  now  has  5TB  of  raw  capacity  on  the  Clariions 
and  7TB  on  the  IP  SAN.  In  the  future,  he  also  expects 
to  see  clinical  data  “going  to  the  IP  SAN  because  it’s 
more  affordable  and  it’s  proving  itself.” 

Application  Acceleration 

CUSTOMER:  Wasatch  Advisors  Inc. 

BUSINESS  PROBLEM:  Underused  direct-attached  storage; 
poor  application  response  time;  need  for  cost-effective 
remote  backup 

TECHNOLOGY:  SANsymphony  from  DataCore  Software  Corp. 

Virtualization  hasn’t  reached  its  ultimate  goal  of  au¬ 
tomated,  policy-driven  data  migration  across  storage 
devices  from  any  vendor.  But  it  was  good  enough  to 
pay  for  itself  within  nine  months  for  Wasatch  Advi¬ 
sors.  The  Salt  Lake  City-based  mutual  fund  firm  was 
running  approximately  500GB  of  direct-attached 
storage  on  its  approximately  25  servers  when  it  be¬ 
gan  looking  for  an  alternative  storage  strategy  in 
mid-2002,  says  CIO  Dwight  Ricks.  With  disk  utiliza¬ 
tion  at  only  27%,  Wasatch  was  buying  much  more 
disk  than  it  needed.  In  addition,  new  compliance¬ 
checking  software  was  slowing  response  time,  as  was 
the  process  of  mirroring  individual  servers  to  an  off¬ 
site  location  one  by  one. 

In  November  2002,  Ricks  purchased  a  Dell  Inc. 
PowerVault  660F  configured  for  RAID  10  mirroring 
with  about  1.5TB  of  capacity.  He  chose  DataCore’s 
SANsymphony  storage  management  software  be¬ 
cause  of  its  performance  and  support  of  servers  and 
storage  from  multiple  vendors.  Ricks  is  now  using 
Fort  Lauderdale,  Fla.-based  DataCore’s  asynchronous 
IP  mirroring  on-site,  and  by  the  end  of  the  first  quar¬ 
ter,  he  hopes  to  also  be  using  it  to  mirror  data  off-site. 

By  placing  storage  on  the  Fibre  Channel  SAN, 
Ricks  has  reduced  the  performance  hit  from  the 
compliance-checking  application  and  improved  re¬ 
sponse  time  for  traders  by  50%.  Add  that  to  the  sav¬ 
ings  from  making  more  efficient  use  of  his  disk 
space,  and  Ricks  figures  he  made  back  his  invest¬ 
ment  within  nine  months. 

And  by  using  SANsymphony’s  Dynamic  Network 
Managed  Volumes,  he  says  he  can  set  up  and  assign 
storage  volumes  “during  production  hours  instead  of 
having  to  come  in  on  a  weekend  or  late  at  night.”  To 
Ricks,  virtualization  means  “I  can  do  my  job  when  I 
need  to  do  my  job,  and  it  doesn’t  have  any  impact  on 
the  servers.”  ©  43718 


VIRTUAL  DIFFERENCES 


To  read  about  the  various  approaches  vendors  take  to  storage 
virtualization,  visit  our  Web  site: 

OQuickLink  43719 
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NICHOLAS  PETRELEY 


Gazing  Into  the 
Cyber-Crystal  Ball 


IT’S  TIME  ONCE  AGAIN  to  get  out  the  cyber¬ 
crystal  ball  and  make  predictions  about  the  near 
and  distant  future.  But  first,  let’s  take  a  look  at 
the  scorecard  from  last  year. 

I  predicted  a  big  revival  of  interest  in  Java- 
based  client  applications  over  this  year  and  the  next. 

I  still  have  another  year  for  this  to  pan  out,  and  my 
chances  look  good.  I  personally  use  a  Java-based  per¬ 
sonal  finance  application  and  a  Java-based  text  editor 


on  a  regular  basis.  There 
are  hundreds  of  other  types 
of  Java-based  client  appli¬ 
cations  available,  some  of 
which  are  remarkably  pop¬ 
ular.  The  Eclipse  graphical 
integrated  development  en¬ 
vironment  is  possibly  the 
most  popular  of  all.  It  has 
been  downloaded  over  12 
million  times  in  two  years. 

It  has  hundreds  of  available 
plug-ins,  and  the  latest  ver¬ 
sions  are  winning  awards 
left  and  right.  Eclipse  will 
even  boast  its  own  techni¬ 
cal  conference,  starting  this  year 
( www.eclipsecon.org ).  There  has  also 
been  an  explosion  of  Java-based  client 
applications  for  mobile  phones  and 
PDAs,  although  they’re  mostly  games. 

I  also  predicted  that  Microsoft 
would  back  off  its  efforts  to  win  the 
server  market  and  refocus  its  attention 
on  the  home  media  center.  I  believe 
there  is  plenty  of  evidence  to  call  this 
prognostication  a  bull’s-eye,  but  since 
the  evidence  is  mostly  circumstantial, 
I’d  be  interested  in  whether  you  think 
this  prediction  is  panning  out. 

My  first  prediction  for  this  year  is 
the  same  one  I’ve  been  chanting  for  a 
half-dozen  years  or  more:  A  network 
computing  revolution  is  inevitable.  I’m 
betting  that  network  computing  will 
run  primarily  on  Java,  but  there’s  an- 
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other  possibility  that  dove¬ 
tails  nicely  with  the  idea 
that  Microsoft  will  contin¬ 
ue  to  focus  its  efforts  on 
storming  the  home  market. 

First,  think  of  the  obsta¬ 
cles  that  have  prevented 
network  computing  from 
taking  over  the  world.  The 
problem  cited  most  often 
is  insufficient  bandwidth. 
Put  simply,  networks,  espe¬ 
cially  home  Internet  con¬ 
nections,  can’t  handle  the 
traffic  required  to  support 
network  computing,  espe¬ 
cially  if  you  have  to  download  entire 
applications  to  your  client  every  time 
you  want  to  do  some  work. 

One  way  to  minimize  network  traf¬ 
fic  is  to  use  a  hard  drive  to  cache  ap¬ 
plications  and  data  so  that  a  network 
computer  client  has  to  retrieve  only 
whatever  data  has  changed  since  the 
last  time  the  client  was  used.  Now 
think.  What  home  media  device  has  a 
hard  drive  installed  by  default  (other 
than  digital  video  recorders  like 
TiVo)?  The  Xbox. 

Of  course,  the  only  thing  less  likely 
than  Microsoft  endorsing  network 
computing  via  a  loss-leader  device  like 
the  Xbox  is  Microsoft  using  Java  for 
the  applications.  But  one  never  knows. 
Perhaps  by  the  time  Xbox  2  ships, 
things  will  be  different. 


I’m  going  to  go  way  out  on  a  limb 
with  my  next  prognostication.  I  pre¬ 
dict  that  the  usage  of  Internet  Explorer 
will  fall  below  50%  of  Web  surfers 
within  the  next  three  years,  if  not 
sooner.  Internet  Explorer  is  the  Win¬ 
dows  3.1  of  the  browser  world,  soft¬ 
ware  that  has  stagnated  for  nearly  a 
decade  because  using  it  is  easier  than 
installing  an  alternative. 

Alternatives  like  Mozilla,  Opera 
Konqueror  and  Safari  are  getting  light- 
years  ahead  of  Internet  Explorer  in 
terms  of  usability  and  features. 

They’re  free  (you  can  purchase  a  com¬ 
mercial  version  of  Opera),  easy  to 
download  and  easy  to  install.  Inertia 
counts  for  a  lot  among  software  users, 
but  these  advantages  aren’t  going  to 
escape  their  notice  forever.  That  will 
be  especially  true  when  it  becomes  ob¬ 
vious  that  Microsoft  is  attempting  to 
charge  user  subscription  fees  to  get 
features  like  pop-up  blocking  —  fea¬ 
tures  already  integrated  into  other  free 
browsers. 

It  will  be  difficult  to  assess  how  well 
I  do  on  this  prediction,  because  it’s  so 
easy  to  set  some  alternative  browsers 
to  identify  themselves  as  Internet  Ex¬ 
plorer  to  Web  sites.  But  if  Internet  Ex¬ 
plorer  continues  to  fester  untouched 
and  this  unthinkable  prediction  turns 
out  to  be  true,  remember  you  read  it 
here. 

Finally,  I  predict  this  will  be  the  year 
SCO  will  go  from  laughingstock  to 
penny  stock.  Ron  Popeil  will  buy  the 
company  for  $50  ($25  after  rebate) 
and  start  selling  a  fake  head  of  Dari 
McBride  mounted  sideways  on  a  simu¬ 
lated  wood  plaque.  The  head  periodi¬ 
cally  will  turn  to  face  you  and  utter 
hollow  threats  like,  “The  singing  fish 
was  my  idea!  I’ll  sue!”  O  44047 
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Fujitsu  Introduces 
Widescreen  Tablet 


Fujitsu  Computer  Systems  Corp. 
has  introduced  a  new  tablet  PC. 
The  Stylistic  ST5000  features  a 
12.1-in.  screen,  built-in  Gigabit 
Ethernet  connections,  a  built-in 
smart  card  slot  and  optional 
Wi-Fi  connections.  It’s  equipped 
with  an  Intel  Pentium  M 
processor,  and  its 
standard  battery 
provides  up  to  five 
hours  of  use,  ac 
cording  to  San¬ 
ta  Clara,  Calif.-based  Fuji¬ 
tsu.  The  ST5000  comes  in  a  slate 
format  and  has  an  optional  dock¬ 
ing  system.  Its  base  price  is 
$2,049. 


3Com  Announces 
Ethernet  Switch 

3Com  Corp.  in  Marlboro,  Mass., 
last  week  announced  the  3Com 
IntelliJack  Switch  JN220,  a  four- 
port  managed  Ethernet  switch 
that  fits  into  a  standard  single¬ 
port  wall  outlet.  The  product,  for¬ 
merly  called  the  Network  Jack, 
features  enhancements  over  the 
previous  version  released  in  No¬ 
vember  2002;  they  include  voice 
support,  new  security  and  ad¬ 
vanced  management.  It  is  ship¬ 
ping  now  and  is  priced  at  $219, 
with  a  Power  Over  Ethernet  at¬ 
tachment  for  an  added  $29. 


Corel  to  Launch 
Design  Suite 

A  “smart  drawing”  tool  and 
graphics  placement  guides  are 
among  the  new  features  in  Corel 
Corp.’s  upcoming  CorelDraw 
Graphics  Suite  12,  which  will  be 
released  next  month  by  the  Ot¬ 
tawa-based  company.  The  new 
tools  are  aimed  at  helping  users 
produce  business  graphics  faster 
using  the  main  three  applications 
-  CorelDraw  12  for  illustrations 
and  page  layout,  Corel  Photo- 
Paint  12  for  digital  imaging  and 
Corel  R.A.V.E.  3  for  motion- 
graphics  creation.  The  full  version 
of  the  suite  retails  for  $399;  an 
upgrade  costs  $179. 
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Being  an  IT  leader  means  communicating 
up,  down  and  around  the  company. 

By  Mark  D.  Lutchen 

The  CIO 

«  As  Chief.  , 

Communicator 


Often,  effective  communi¬ 
cation  skills  aren’t  consid¬ 
ered  high  priorities  for 
CIOs.  However,  like  any  oth¬ 
er  major  business  unit  in  a 
company,  the  IT  organiza¬ 
tion  must  effectively  com¬ 
municate  on  a  regular  basis 
with  all  of  its  constituents 
and  customers. 

Consider  the  case  of  a  large  North 
American  food  services  company, 
where  the  communications  function 
was  very  poor.  Competing  local  IT 
groups  rarely  communicated  with  one 
another.  And  the  little  communication 
that  took  place  with  other  constituen¬ 
cies  was  brief,  often  “IT-cryptic”  and 
usually  self-serving.  Powerful  IT  man¬ 
agers  intimidated  their  staffs,  and  any 
communication  with  those  staffs  was  in 
the  form  of  top-down  directives,  offer¬ 
ing  little  chance  for  discussions  about 
key  issues. 

Communication  between  IT  leaders 
and  the  company’s  executive  business- 
unit  management  was  no  better.  Even 
when  the  IT  organization  had  accom¬ 
plished  “great  things”  that  it  could  brag 
about,  IT  leadership’s  lack  of  under¬ 
standing  concerning  the  power  of  mar¬ 
keting  and  communications  ensured 
that  nobody  in  the  company  was  taking 
the  IT  organization  seriously. 

Fortunately,  company  leadership  ap¬ 
pointed  a  new  CIO  who  understood  the 
power  of  communication,  both  within 
the  organization  and  between  the  orga¬ 
nization  and  its  constituencies.  In  the 
IT  organization,  he  undertook  a  series 
of  steps  to  open  lines  of  communication 
from  IT  leadership  to  staff,  from  IT 
staffers  to  leadership  and  among  IT 
staff,  so  they  could  more  effectively 
meet  their  users’  needs: 

■  He  set  up  a  series  of  open  and  can¬ 
did  “town  hall”  sessions  across  IT  and 
with  IT  users  and  business-unit  man¬ 
agement  teams. 

■  He  established  an  open-door  policy 
whereby  anyone  in  the  IT  organization 
could  communicate  directly  with  him 
—  face  to  face,  over  the  telephone  or 
via  e-mail.  Part  of  this  policy  was  an 
open  electronic  forum  (similar  to  a 
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chat  room)  where  individuals  could 
—  anonymously  if  they  wished  — 
pose  questions  to  their  colleagues 
or  the  CIO. 

■  He  initiated  a  “no  surprises”  policy 
focused  on  encouraging  people  to  com¬ 
municate  problems  early  and  find  solu¬ 
tions  before  the  problems  grew  larger. 

This  CIO  intuitively  understood  the 
power  of  marketing,  even  though  he 
knew  that  he  didn’t  have  all  of  the  skills 
required  to  create  and  deliver  effective 
marketing  messages.  He  brought  a  pro¬ 
fessional  marketing  and  communica¬ 
tions  person  into  the  organization  to 
help  him  and  others  throughout  the  IT 
organization  become  more  effective 
communicators  among  themselves, 
with  users  and  with  corporate  man¬ 
agers. 

Communication  doesn’t  just  happen. 
It  requires  confidence  on  the  part  of  the 
organization’s  leader,  and  it  requires 
professional  assistance  to  tailor  the 
organization’s  message  for  particular 
audiences. 

The  CIO  must  be  comfortable  sitting 
at  the  center  of  three  communications 
channels  or  funnels  (see  diagram,  next 
page).  From  this  vantage  point,  the  CIO 
facilitates  communication  between 
techies  and  executives  in  one  of  the 
funnels,  between  users  and  providers 
in  another  of  the  funnels,  and  between 
those  inside  the  company  and  those 
outside  the  company  in  the  third 
funnel. 

To  some  extent,  the  CIO  serves  as  the 
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translator  of  IT  information  —  sort  of 
a  Rosetta  stone  —  among  all  the  differ¬ 
ent  parties.  And  the  CIO  must  be  able 
to  alter  the  content-delivery  medium 
and  his  or  her  communication  style  to 
suit  each  constituency. 

A  marketing  and  communications 
professional  can  help  CIOs  to  not  only 
craft  their  messages  in  terms  that  are 
meaningful  to  each  constituency,  but 
also  understand  how  every  one  of  their 
actions  and  behaviors  communicates 
to  the  various  constituencies  as  power¬ 
fully  as  their  words. 

From  Captive  to  Willing  User 

Because  everyone  in  a  company  uses 
IT,  everyone  is,  in  a  sense,  a  captive  of 
the  IT  organization.  However,  the 
goals  of  IT  communications  are  to 
make  users  want  to  utilize  IT  services 
and  to  persuade  them  that  the  IT  orga¬ 
nization  is  a  provider  of  high-quality, 
high-performance  services  of  signifi¬ 
cant  value. 

To  accomplish  these  objectives  and 
create  willing,  rather  than  captive, 
users,  IT  leaders  (with  the  help  of 
communications  professionals)  need 
to  take  the  time  and  effort  required  to 
craft  messages  that  place  IT  activities 
and  efforts  in  the  proper  context.  Then 
they  need  to  instill  in  every  member  of 
the  IT  organization  the  notion  that  car¬ 
rying  these  messages  in  a  consistent 
fashion  to  various  constituencies,  with¬ 
in  and  outside  the  company,  is  impor¬ 
tant  and  is  a  part  of  every  person’s  job. 


Three  Ways 
To  Spin  It 

A  CIO  SHOULD  engage  an  IT  organization 
communications  professional  to  assist  in  crafting 
appropriate  messages  tailored  to  specific  circum¬ 
stances,  audiences  and  purposes.  Generally,  cor¬ 
porate  communications  fall  under  one  of  the  fol¬ 
iowing  three  categories: 

1.  Marketing 

Marketing  messages  are  communicated  through 
various  media  in  ways  that  are  attractive  and  ap¬ 
pealing  to  specific  audiences.  They’re  crisp  and 
brisk.  Their  purpose  is  to  get  the  audience  to  ac¬ 
cept  the  message  quickly.  For  IT,  marketing  ef¬ 
forts  seek  to  build  awareness  of  the  IT  organiza¬ 
tion,  of  its  attributes  and  of  the  role  it  plays  in  ac¬ 
complishing  the  company’s  business  goals. 
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Too  many  CIOs  and  other  IT  profes¬ 
sionals  are  comfortable  running  IT  as  a 
“black  box”  operation  and  communi¬ 
cate  their  activities  on  a  need-to-know 
basis.  However,  if  CIOs  are  to  be  invit¬ 
ed  to  sit  at  the  executive  table,  they 
must  peel  back  the  curtain  and  reveal 
how  IT  operates  and  articulate  mes¬ 
sages  that  help  explain  these  opera¬ 
tions  and  how  they  benefit  the  compa¬ 
ny.  Transparency  and  open,  candid 
communications  are  two  ways  to 
achieve  that  goal. 

Communicating  Like 
Business  Leaders 

To  manage  IT  as  a  business,  CIOs  must 
learn  how  to  communicate  like  busi¬ 
ness  leaders.  This  means  properly  bal¬ 
ancing  honesty  and  integrity  with  a 
small  dose  of  politics  or  “spin  control.” 


Political  leaders  and  constituencies,  in¬ 
cluding  the  CIO  and  those  who  work 
in  the  broader  IT  organization,  need  to 
define  how  others  in  the  company  per¬ 
ceive  them  and  their  organizations.  If 
they  don’t,  others  will  do  it  for  them. 

At  one  organization  I  worked  with, 
the  CIO  and  IT  staff  were,  from  a  tech¬ 
nical  perspective,  among  the  best  I’ve 
ever  seen.  Despite  their  skills,  others 
in  the  company  treated  them  as  door 
mats  and  regularly  subjected  them  to 
vicious  tongue-lashings.  Any  time  an 
IT-related  problem  cropped  up,  the 
highly  qualified  IT  professionals  be¬ 
came  the  scapegoats  and  were  put  on 
the  defensive.  They  were  disheartened 
and  demoralized  because  they  knew 
they  were  doing  a  good  job.  But  the 
CIO  and  the  entire  IT  organization 
didn’t  know  how  to  get  that  message 


across  effectively  to  the  various  con¬ 
stituencies. 

The  marketing/communications 
group  persuaded  the  CIO  to  hold 
monthly  briefing  sessions  with  each 
business  unit.  He  began  to  issue  a  mar¬ 
keting-grade,  quarterly  report  on  IT 
performance,  services  and  projects. 
Within  six  months,  the  IT  organiza¬ 
tion’s  image  improved  significantly 
within  the  company,  and  people  within 
the  IT  organization  began  to  believe 
they  were  recognized  as  real  contribu¬ 
tors  to  the  company’s  success. 

Framing  the  Message 

Whether  the  message  is  delivered  in  a 
marketing,  public  relations  or  general 
communications  format,  it  must  be 
clear,  consistent  and  meaningful  to  the 
intended  audience.  Communications 
should  be  linked,  both  explicitly  and 
implicitly,  to  the  company’s  business 
strategy,  not  merely  to  the  IT  strategy. 
IT’s  role  in  supporting  and  enabling 
that  strategy  should  be  woven  into  the 
IT  organization’s  message.  Because 
quality,  cost  and  service  delivery  are 
the  IT  organization’s  key  deliverables, 
messages  should  focus  on  how  IT  is 
progressing  on  improving  these  areas. 
0  43815 


PR  TO  THE  RESCUE 

Case  study:  A  crisis  PR  plan  reassured  customers  and 
employees  after  a  catastrophic  fire  at  a  data  center: 
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Caution:  Because  of  their  tendency  to  pro¬ 
duce  technical  solutions,  many  CIOs  and  IT  or¬ 
ganizations  mistakenly  focus  on  e-mail  for 
marketing.  In  almost  all  cases,  a  more  appro¬ 
priate  combination  of  media  is  more  effective. 

IT  organizations  can  use  marketing  to  build 
awareness  of  the  services  they  provide,  of  current 
performance  levels  and  of  projects  in  progress. 
They  can  also  use  marketing  to  prepare  various 
constituencies  for  changes  to  those  services. 

2.  Public  Relations 

The  field  of  public  relations  seeks  to  use  “free 
media”  to  increase  awareness  of  an  organization 
and  of  the  esteem  in  which  it's  held.  When  com¬ 
municating  to  an  internal  audience,  the  CIO  and 
all  of  the  company's  IT  professionals  must  portray 
their  activities  as  being  “under  control"  from  a 
performance,  economic,  organizational  and  man¬ 
agement  perspective.  For  example,  the  IT  team 
should  regularly  use  PR  to  tout  24/7  services  and 
special  projects. 

Even  the  simple  act  of  explaining  mundane 
services  such  as  help  desk  usage  statistics  can 
provide  a  PR  message.  Doing  it  with  a  spread¬ 


sheet  sends  a  message:  This  is  a  techie  organiza¬ 
tion.  Flowever,  adding  a  little  narrative  spin,  in¬ 
cluding  some  trend  analysis  and  a  few  clear,  color 
graphics  conveys  a  different  message:  The  IT 
group  is  able  to  measure  things  in  a  business- 
focused  manner.  Better  yet,  if  the  message  is  de¬ 
livered  in  a  formal  briefing  session  rather  than  by 
e-mail,  the  CIO  is  seen  as  one  of  the  company’s 
leaders. 

Public  relations  can  also  be  used  to  deal  with 
IT  crises.  In  fact,  in  today’s  world,  because  IT 
touches  just  about  everyone  in  the  company,  the 
manner  in  which  IT  crises  are  handled  can  make 
or  break  the  CIO,  the  entire  IT  organization  and 
perhaps  even  the  company  itself.  Possible  events 
that  warrant  the  use  of  “crisis  PR"  include  a  merg¬ 
er  or  acquisition  integration  mishap,  a  catastroph¬ 
ic  failure  of  a  mission-critical  application,  a  net¬ 
work  or  critical  infrastructure  failure,  a  significant 
security  breach  or  unchecked  virus  attack,  or  a 
physical  disaster. 

3.  Other  Communications 

Beyond  marketing  and  public  relations,  other 
communications  in  which  the  CIO  or  other  mem¬ 


bers  of  the  IT  organization  engage  include: 

Regularly  issued  (quarterly,  semiannual  and 
annual)  operating  reports. 

■  Formal  organizational  leadership  meetings  and 
conferences. 

■  Open  forums,  which  can  range  from  brown-bag 
lunches  to  e-mail  bulletin  boards. 

One  of  the  most  effective  communication  tools 
I’ve  ever  encountered  involved  a  CIO’s  regularly 
scheduled  personal  visits  to  local  office  locations. 
The  CIO  would  engage  in  informal  discussions 
with  the  IT  organization’s  key  customers/users 
and  with  business-unit  management.  In  addition, 
the  CIO  took  the  opportunity  to  meet  with  local  IT 
staff  members  to  talk  about  the  organization’s 
overall  strategy  and  to  solicit  their  views  and  con¬ 
cerns.  These  were  highly  successful  sessions  be¬ 
cause  everyone  involved  derived  something  posi¬ 
tive  from  them.  As  soon  as  the  CIO  would  leave  a 
location,  staffers  would  be  on  the  phone  or  writ¬ 
ing  e-mail  trying  to  set  up  a  date  for  the  next  visit. 

The  direct,  personal  approach  of  this  CIO  cre¬ 
ated  substantial  trust  and  credibility  among  users, 
business-unit  leaders  and  IT  staff  alike. 

-MarkD.  Lutchen 
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Retailer  Outsources 
EDI  Supply  Chain 

Tweeter  Home  Entertainment 
Group  Inc.  is  outsourcing  its  elec¬ 
tronic  data  interchange  (EDI)  sup¬ 
ply  chain  to  Global  Exchange  Ser¬ 
vices  Inc.  in  Gaithersburg,  Md. 
Tweeter,  which  has  174  consumer 
electronics  retail  stores,  will  use 
GXS’s  Logistics  Visibility  product 
to  track  orders  and  shipments, 
with  the  goal  of  improving  the 
management  of  inventory,  staff 
and  supplier  invoices,  and  other 
business  processes. 


Martha  Stewart  CIO 
Moves  to  Bluegreen 

Bluegreen  Corp.,  a  Boca  Raton, 
Fla.-based  developer  and  mar¬ 
keter  of  time-share  resorts  and 
residential  subdivisions,  has  hired 
Sheila  Beauchesne,  38,  as  CIO. 
She  will  be  responsible  for  the  IT 
infrastructure,  as  well  as  all  data¬ 
base  and  advanced  marketing 
technology. 

Beauchesne  had  been  senior 
vice  president  and  CIO  at  New 
York-based  Martha  Stewart  Living 
Omnimedia  Inc.  since  1999.  She 
has  also  held  executive  positions 
at  the  North  American  Rental 
Group  of  AutoNation  Inc.  and 
Blockbuster  Entertainment. 


Prudential  Names 
Successor  to  CIO 

Prudential  Financial  has  named 
Barbara  G.  Koster  to  replace  CIO 
William  D.  Friel,  who  is  retiring  af¬ 
ter  16  years  at  the 
company.  Koster 
joined  Prudential 
in  1995  as  vice 
president  of  policy 
administration 
and  management 
systems  and  was 
most  recently  CIO  of  Prudential  In¬ 
dividual  Life  Insurance.  In  that 
role,  she  oversaw  the  LaunchPad 
program,  which  provided  laptops 
to  Prudential’s  field  force  and  en¬ 
abled  mobile  access  to  product 
and  customer  information.  In  her 
new  position,  she  will  be  responsi¬ 
ble  for  IT  companywide. 


BART  PERKINS 


Offshore 


OFFSHORE  OUTSOURCING  is  here  to  stay, 
since  U.S.  companies  need  to  remain 
competitive  in  the  world  market.  Re¬ 
sponsible  business  people  have  to  con¬ 
sider  moving  work  to  locations  that  offer 
the  best  combination  of  cost  and  service. 

Unfortunately  the  U.S.  is  in  the  midst  of  an  offshore 
mania.  The  hype  in  the  business  and  trade  press  (as 
well  as  that  great  executive  opinion-shaper,  the  airline 
magazine)  simultaneously  causes  and  confirms  this.  As 
a  result,  a  large  number  of  companies  are  convinced 
that  they  must  send  something  offshore  to  remain  com¬ 
petitive  and  are  further  convinced  that  they  must  do  so 
immediately. 


In  addition,  many  compa¬ 
nies  are  feeling  so  pres¬ 
sured  that  they  truly  be¬ 
lieve  they  don’t  have  time 
to  examine  the  questions 
necessary  for  success  off¬ 
shore.  But  companies  that 
focus  solely  on  the  poten¬ 
tial  cost  savings  from  going 
offshore,  without  careful 
evaluation  of  corporate  mo¬ 
tivations,  business  issues 
and  trade-offs,  will  be  un¬ 
happy  with  their  offshore 
efforts  down  the  road. 

No  Shortcuts 

Many  companies  are  cur¬ 
rently  searching  for  the 
“right”  offshore  partner. 

But  they  aren’t  really  in  a  position  to 
determine  which  of  the  myriad  off¬ 
shore  options  best  meets  their  needs 
unless  they’ve  established  their  sourc¬ 
ing  requirements.  This  is  most  effec¬ 
tively  accomplished  through  a  process 
that  examines  the  critical  sourcing  is¬ 
sues,  which  then  leads  to  a  deliberate 
sourcing  strategy. 

I’ve  recently  been  approached  by  a 
number  of  companies  that  are  inter¬ 
ested  in  going  offshore  but  that  want 
to  jump  straight  to  partner  selection 


and  contract  negotiation, 
without  doing  any  home¬ 
work.  For  example,  a  sys¬ 
tems  integration  firm  asked 
me  to  introduce  it  to  an  off¬ 
shore  company  that  could 
supply  programmers  and 
project  managers.  In  order 
to  determine  which  compa¬ 
nies  might  be  most  appro¬ 
priate,  I  asked  the  systems 
integration  people  several 
qualifying  questions,  in¬ 
cluding  these: 

■  Which  cost/service 
trade-offs  are  you  willing 
to  make? 

■  How  much  risk  can 
your  company  tolerate? 

■  How  will  you  make  de¬ 
cisions  and  resolve  disagreements 
with  your  offshore  partner? 

■  How  important  is  Software  Engi¬ 
neering  Institute  certification?  Does 
your  company  require  CMM  Level  5 
processes? 

■  Do  you  have  several  low-risk  proj¬ 
ects  that  would  make  good  pilots? 

When  faced  with  these  questions, 
the  systems  integration  people  became 
impatient.  They  insisted  they  didn’t 
have  time  to  explore  such  questions, 
but  needed  to  select  a  partner  and  sign 
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an  agreement  immediately.  (It’s  inter¬ 
esting  to  note  that  this  well-estab¬ 
lished  company  would  never  dream  of 
starting  one  of  its  own  consulting  as¬ 
signments  without  a  clear,  well-writ- 
ten  set  of  requirements.) 

A  Quickie  Wedding? 

This  company  reminds  me  of  someone 
who  desperately  wishes  to  be  married. 
With  only  that  goal  in  mind,  he  rushes 
to  a  justice  of  the  peace  with  someone 
he  met  a  week  ago  at  a  dinner  party, 
despite  the  advice  of  close  friends. 
What  do  you  suppose  the  odds  on  that 
marriage  lasting  will  be?  Such  a  brief 
engagement  can  result  in  a  successful 
marriage,  but  the  chances  are  extreme¬ 
ly  poor.  Do  you  want  to  bet  your  com¬ 
pany’s  future  on  the  equivalent  of  a 
one-week  engagement?  And,  by  the 
way,  just  like  divorce,  leaving  your  off¬ 
shore  partner  will  be  costly  and 
painful. 

I’ve  had  similar  experiences  with 
enough  firms  to  convince  me  that  the 
U.S.  is  in  the  middle  of  a  full-blown 
offshore  mania.  Looking  at  the  history 
of  manias,  from  the  construction  of 
the  railroads  during  the  1800s  to  the 
initial  boom  in  automobile  manufac¬ 
turers  to  the  Internet  bubble,  it’s  clear 
that  they  always  end  (sometimes  spec¬ 
tacularly!). 

The  mania  phase  of  offshore  efforts 
will  eventually  end,  too.  At  that  point, 
companies  will  send  work  offshore 
only  as  the  result  of  business  decisions 
that  have  been  well  thought  out.  If 
you’re  currently  feeling  pressured  to 
outsource  or  to  send  something  off¬ 
shore  immediately,  invest  the  time  that 
this  important  business  decision  de¬ 
serves  and  requires.  Only  then  can  you 
successfully  leverage  your  sourcing 
decisions  to  select  the  right  offshore 
option  and  design  a  partnership  that 
will  result  in  long-term  success. 
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www.computerworld.com/opinions 
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“At  last  I’m  free,  thanks  to 
Nokia  Mobil.  Co— 

solutions... and  it  teeis  g 

exclaims  Mary  Langer, 

office  manager. 
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Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity  solutions. 
CIOs  and  IT  managers  can  provide  the  mobility  and 
security  of  anytime,  anywhere  access  to  users  — 
while  empowering  everyone  from  the  CEO  to  field 
salesforce  teams  with  the  information  needed  to  do 
their  work  where  and  when  they  choose.  Nokia 
Mobile  Connectivity  solutions  include  a  range  of  IPSec- 
and  SSL-based  client  and  gateway  products  that 


provide  secure,  appropriate  access  to  corporate 
email  and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their  business 
and  personal  lives.  All  solutions  are  easy  to  deploy 
and  manage,  are  based  on  award-winning  technology 
and  are  backed  by  Global  Support  and  Services. 

So  if  you  want  greater  working  freedom  that’s  IT 
approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 
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Farming  Out  IT  Security 

Outsourcing  IT  security  func¬ 
tions  can  succeed,  users  like 
David  MacLeod  say,  if  you  choose 
the  right  services  and  ask  the 
right  questions.  PAGE  38 


Security  Begins  at  Home 

Your  network  is  only  as  secure  as 
weakest  link  —  which  might 
growing  population  of 
eiecommuters.  PAGE  42 
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EDITOR’S  NOTE 


Sure,  there  are  other  enterprise 

networking  issues,  including  Gigabit 
Ethernet  and  voice  over  IP.  But  talk 
to  network  managers  these  days  and 
they’ll  say  the  No.  1  thing  keeping 
them  awake  at  night  is  the  prospect  of  security 
breaches,  from  hackers  grabbing  credit  card 
numbers  to  viruses  infecting  thousands  of 
desktop  PCs.  After  suffering  the  worst  year 
of  malicious  code  outbreaks  in  the  20-year 
history  of  computer  viruses,  it’s  not  surpris¬ 
ing  that  network  managers  are  spooked. 

Surveys  show  that  security  is  the  top  IT 
spending  priority  for  this  new  year,  and  that’s 
why  we’ve  focused  this  special  report  on  net¬ 
work  security.  But  instead  of  running  the  same 
old  advice  you’ve  read  a  dozen  times,  we  ex¬ 
amined  new  areas: 

■  Some  companies  —  figuring  security  isn’t 
their  core  competency  —  are  outsourcing  se¬ 
curity  chores  to  managed  security  service 
providers.  They  provide  experts  who  can  stay 
on  top  of  the  latest  vulnerabilities,  but  you’ve 
got  to  know  how  to  manage  the  relationship. 

■  The  technologies  used  to  monitor  and 
guarantee  network  quality  of  service  are 
merging  with  security  technologies  —  a  pow¬ 
erful  combination. 

■  The  weakest  link  in  your  corporate  net¬ 
work  is  that  laptop  sitting  on  a  table  at  Star- 
bucks  or  in  a  telecommuter’s  spare  bedroom. 

We  hope  there’s  something  here  that  will 
help  you  plug  the  gaps  and  sleep  better.  And 
if  you  have  trouble  getting  funds  to  pay  for 
tighter  security,  be  sure  to  read  ex-CIO  Doug 
Lewis’  shrewd  ideas  for  selling  security  to  the 
CFO  [QuickLink  41708].  ©  43813 


Mitch  Betts  is  Features  editor  at 
Computerworld.  He  can  be  contacted  at 
mitch_betts@computerworld.com. 


KNOWLEDGE  CENTERS  ONLINE 

For  additional  news  and  resources,  see  our  Networking 
Knowledge  Center  at: 

O  QuickLink  k1200 

www.computerworld.com 
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open  A  il  Companies  use  advanced  strategies 
RFPART  “  anc^  outside  service  providers  -  to 
boost  the  security  of  key  networks. 
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Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size 

it  is.  From  PowerEdge1”  servers  featuring  Intel®  Xeon~  processors  to  network  support  products  like  PowerVaulf 
storage  and  PowerConnecf  switches,  Dell  offers  flexible,  high-performance  industry-standard  technologies  and 
software  solutions  that  are  just  right  for  your  particular  business  needs.  And  we'll  help  you  every  step  along  the 
way.  Whether  it’s  planning  and  design,  testing  and  validation,  systems  management,  or  our  award-winning  24x7 
service  and  support,  Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage. 
So  make  life  easy  on  yourself  and  get  a  big  advantage  over  your  competition  -  with  a  unique  IT  solution  from  Dell. 


PC  Magazine  Editors'  Choice  Award 

PowerEdge  1750 
-  October  28, 2003 


Call:  M-F  7a-8p  Sat  8a-5p,  CT 

Pricing  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts.  U.S.  Dell  Small  Business  new  purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography.  *This  device  has  not  been  approved  by  the 
federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained.  ’Service  may  be  provided  by  third  party.  Technician  will  be  dispatched 
following  phone-based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  sen/ice  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  U.S.  only.  "DDR  333  memory  runs  at  320MHz  when  used  with  8OOMH2  FSB  processors.  ;1Monthly  payment  based  on 
pre-rebate  price  for  48-month  60  Days  Same-as-Cash  QuickLoan  with  46  payments  at  9.99%  interest  rate.  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days 
after  product  ships),  interest  will  accrue  during  those  first  60  days  and  a  documentation  fee  may  apply.  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Minimum  transaction  size  of  $500  required.  Maximum  aggregate  financed  amount  for  the  paperless  acceptance  not  to 


File&Print  Servers 
starting  at  $399 

Affordable  servers  that  make 
managing  your  network  easy. 

NEW  POWEREDGE™  400SC  SERVER 

POWEREDGE™  650*  RACK  SERVER 

Small  Business  Value  Server 

•  Intel®  Pentium®  4  Processor  at  2.26GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.20GHz 
with  800MHz  Front  Side  Bus3’ 

•  256MB  333MHz  ECC  DOR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel®  PRO  Gigabit”  NIC 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

1U  Value  Rack  Server 

•  Intel®  Pentium®  4  Processor  at  2.60GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.06GHz 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  4GB  of  SDRAM 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  ATA100  IDE  RAID  Controller  Available 

•  Intel®  PRO  Gigabit”  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  lowas$18/mo„  (46  pmts”) 

^043  E-VALUE  Code: 20261-S20106g 

^ 4jyi  CQ  as  low  as  $40/mo„  (46  pmts”) 

^  |40j  E-VALUE  Code:  20261-S20114g 

Database&Web  Hosting  Servers 

starting  at  $1799 

Flexible  server  solutions  to 
manage  diverse  networks. 

POWEREDGE™  2600  TOWER  SERVER 


Multi-Use  Tower  Server 

•  Intel*  Xeon"  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  6GB  of  DDR  SDRAM 

•  Dual  18GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drives 

•  RAID  1  Included 

•  Active  ID  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service1 

•  Small  Business  Pricing 


$2349 


as  low  as  $63/mo„  (46  pruts”) 

E-VALUE  Code:  20261-S20123g 


POWEREDGE™  1750*  RACK  SERVER 


Feature-Rich  1U  Rack  Server 

•  Intel®  Xeon"  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  8GB  of  DDR  SDRAM 

•  3x1 8GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drives 

•  RAID  5  Included 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


$2699 


as  low  as  $73/mo.,  (46  pmts”) 

E-VALUE  Code:  20261-S20126g 


Dell  offers  a  wide  range  of  reliable,  award-winning  technology,  all 
delivered  from  a  single  point  of  contact  -  and  our  expert  sales  associates 
are  there  to  help  you  find  the  technology  that's  right  for  your  business. 
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Once  you've  selected  the  right  technology,  Dell  can  help  you  get  it  up  and 
running  quickly  and  cost-effectively  with  our  custom  on-site  installation 
and  configuration  services. 


Training&Certification-Startmg  at  5100/person 


After  installation,  Dell  can  help  turn  your  employees  or  IT  staff  into  experts 
on  your  new  technology  through  a  variety  of  training  and  certification 
courses  -  helping  increase  your  business'  long-term  productivity. 


Service8(Support 


The  support  doesn't  end  at  the  sale.  Dell's  award-winning  service  and 
support  offerings  help  ensure  that  your  new  network  remains  up  and 
running  -  with  Web,  phone  or  on-site  service3  and  support. 


4-Way  Servers  I  Network  Storage  Options  ■  Network  Switches 

Build  a  powerful,  protected  network.  I  starting  at  $199  starting  at  $89 


POWEREDGE"*  6600*  TOWER  SERVER 


DELL"*  POWERVAULT™  725N  NAS 


POWERCONNECT  ”  3324*  SWITCH 


High-Speed  Mission  Critical  Tower  Server 

•  Intel®  Xeon"  Processor  at  1 ,50GHz 

•  Quad  Intel®  Xeon”  Processor  Capable  (Up  to  2.80GHz) 

•  512MB  DDR  SDRAM 

•  Up  to  32GB  266MHz  DDR  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives,  Hot-Swap  Redundant 
Fans  and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

•  3-Yr  Next  Business  Day  On-Site  Service3 
starting  at 

as  low  as  $107/mo„  (46  pmts”) 

WUJJ  E-VALUE  Code:  20261 -S20139g 


Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  2GHz 

•  Microsoft®  Windows®  Powered  Network  Attached  Storage 

•  384MB  DDR  SDRAM  (Up  to  3GB) 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1  Terabyte  of  Internal  Storage  Capacity 

as  low  as  $49/mo„  (46  pmts”) 

E-VALUE  Code:  20261-S20117g 


DELL/EMC 


If  you  have  more  than  300GB  of  storage,  visit 

www.dell.com/storage4mybiz  for  low  prices  on 
Dell/EMC  storage  arrays. 


High-Performance  Workgroup  Switch 

•  24  Fast  Ethernet  Ports  plus  2  Gigabit  Uplinks  (2  Copper 
and  2  SFP  Transceiver  Combo  Slots  for  Fiber) 

•  Stacking  Functionality  of  Up  to  192  Ports 

•  Advanced  Network  Management  and  Security  Features 

•  Industry  Standard  CLI  and  Easy-to-Use  Web  Interface 

•  3-Yr  Next  Business  Day  Advanced  Exchange 
Service33  Standard 


$449 


as  low  as  $12/mo„  (46  pmts?1) 

E-VALUE  Code:  20261 -S10104 


Solutions  that  fit. 


Easy  as 


DHL 


Click  www.dell.com/bizsolutions  Cal!  1-800-545-9674 


exceed  $25,000.  If  your  order  exceeds  $25K,  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing.  QuickLoan  arranged  by  Of  Bank  to  Small  Business  customers 
with  approved  credit.  'This  term  indicates  compliance  with  IEEE  standard  802.3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  IGB/sec.  For  high-speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required  Technician, 
replacement  part  or  unit  (depending  on  service  contract)  will  be  dispatched,  if  necessary,  following  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider.  Subject  to  parts  availability,  geogrepmcal  restrictions 
and  terms  of  service  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  bell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished.  U  S.  only.  Dell,  the  stylized  E  logo.  E-Value.  PowerEdge,  PowerConnect  and  PowerVauit  are  trademarks  of  Dell  Inc.  Intel. 
Intel  Inside,  the  Intel  Inside  logo,  Intel  Xeon,  the  Intel  Xeon  logo ,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  ©2004  Dell  Inc  All  rights  reserved. 
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Outsourcing  IT  security  functions  can  suc¬ 
ceed,  users  say,  if  you  choose  the  right  services 
and  ask  the  right  questions.  By  Matt  Hamblen 


Many  companies  outsource  some  or 
all  IT  security  responsibilities  to  a 
service  provider.  But  IT  managers 
who  have  been  down  this  road  say 
it’s  important  to  know  what  to  out¬ 
source,  what  the  conditions  should 
be  and  how  to  set  up  the  contract 
for  a  successful  outcome. 


Outsourcing  IT  security  can  work,  many  users  say. 
Successful  arrangements  can  lower  security  costs 
and  make  up  for  a  lack  of  in-house  expertise.  Users 
disagree  on  some  details,  such  as  whether  to  use 
more  than  one  managed  security  service  provider 
(MSSP),  but  they  also  offer  specific  advice  on  deal¬ 
ing  with  liability  issues,  which  services  to  outsource 
and  how  to  hold  vendors  accountable. 

“It’s  better  to  have  one  MSSP  and  to  have  done  the 
due  diligence  to  trust  them  —  and  you  are  trusting 
them  a  lot,”  says  Jeff  Nigriny,  chief  security  officer  at 
Exostar  LLC  in  Herndon,  Va.  Exostar,  an  online  ex¬ 
change  for  the  aerospace  and  defense  industries,  out¬ 
sources  some  IT  security  functions  to  TruSecure 
Corp.  in  Herndon. 

“I  like  the  idea  of  one  neck  to  grab,”  says  David 
MacLeod,  chief  information  security  officer  at  The 
Regence  Group,  a  Portland,  Ore.-based  health  insur¬ 
ance  firm  that  outsources  security  to  Counterpane 
Internet  Security  Inc.  in  Cupertino,  Calif. 


More  Than  One  Basket 

But  not  everyone  thinks  the  single-vendor  approach 
is  best.  Eric  Ogren,  an  analyst  at  The  Yankee  Group 
in  Boston,  advocates  using  more  than  one  outsourcer 
to  provide  checks  and  balances  and  even  recom¬ 
mends  switching  vendors  every  few  years.  “It  is  nev¬ 
er  good  to  have  all  of  your  security  eggs  in  one  bas¬ 
ket,”  he  says. 

And  even  though  he  works  at  a  security  services 
provider,  Joel  Pogar,  security  practice  manager  at 
Siemens  Information  and  Communication  Networks 
Inc.  in  Boca  Raton,  Fla.,  says  it’s  a  bad  idea  to  hand 
over  all  the  keys  to  one  provider.  He  says  that’s  like 
having  “the  wolf  watching  the  henhouse.” 

Customers  often  pick  only  one  security  outsourcer 
to  save  money,  Pogar  says,  because  outsourcing  more 
security  functions  to  a  single  provider  tends  to  cost 
less  than  paying  several  vendors  for  the  same  services. 

Pogar  says  customers  are  so  worried  about  keep¬ 
ing  costs  down  that  they  often  use  the  outsourcer 
that  handles  password  management  and  patch  up¬ 
grades  to  audit  their  own  work.  “I  strongly  object  to 
that,”  he  adds. 

MSSP  contracts  strictly  limit  liability.  “I  don’t  think 
there  is  any  liability  with  the  outsourcer  other  than 
me  yelling  at  them”  for  network  security  breaches  or 
other  problems,  says  Bob  Breeden,  special  agent  su- 
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Business  Continuity  Planning  Experts,  Data  Management  Specialists  and  Network  Professionals 
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April  5-8, 2004 

JW  Marriott  Desert  Ridge  Resort 
Phoenix,  Arizona 

Co-owned  and  Produced  by:  Co-owned  and  Endorsed  by; 

COM’ITTERWORLD 

SNIA ' 


Is  your  storage  strategy  focused 
on  the  future?  Want  to  learn 
important  new  strategies  from 
IT  executives  and  managers  at 
companies  like  FleetBoston 
Financial,  Pacific  Gas  &  Electric 
and  Public  Broadcasting 
Service?  Then  plan  to  be  at 
Storage  Networking  World! 


•  Storage  Management 

•  Enterprise  Infrastructure 

•  Business  Continuity 

•  Data  Management 
and  Security 

•  Emerging  Technologies 


Why  You  Should  Attend 


Benefit  From  the  Most  Comprehensive  Program 

No  other  storage  event  gives  you  a  program  so  rich  with  experiences  -  whether  they’re 
industry  and  certification  primers,  general  sessions,  tutorials,  opportunities  to  see  technologies 
at  work ...  or  the  rare  chance  to  talk  to  the  very  engineers  that  make  them  work. 

Easily  Navigate  an  Agenda  Packed 
With  Choices  and  Learning  Experiences 

No  other  storage  event  provides  an  agenda  woven  with  so  many  logical  choices  -  choices 
that  allow  you  to  tailor  your  valuable  time  to  your  very  specific  needs.  (See  the  full  agenda  at 
www.snwusa.com.) 

Get  an  Education  Endorsed  by  the  SNIA 

No  other  storage  event  offers  a  learning  experience  developed  and  sanctioned  by  the  industry’s 
most  influential  storage  association  -  highlighted  by  the  SNIA-delivered  technical  tutorial  sessions. 


w  IDC  Storage  Analyst  Briefing 
The  Impact  of  Tiered  Storage 

an  IOC  breakfast  briefing 

In  this  fast-paced  breakfast  session,  IDG’s  top 
storage  analysts  will  examine  companies'  growing 
interest  in  deploying  tiered  storage  solutions  and 
assess  its  impact  on  storage  components,  systems, 
networks,  management  and  services.  Analysts  will 
address  topics  including: 


Meet  Experts  and  Shop  in  the  Largest  Available 
Storage-specific  Solutions  Mall 

No  other  storage  event  allows  you  to  see  all  the  players  and  solution  providers  in  one  place.  It’s 
literally  your  one-stop  “solutions  mall.” 


See  SNW’s  Flagship  Interoperability  &  Solutions  Demo 


No  other  storage  event  gives  you: 

•  40-plus  SNIA  member  companies  collaborating 
on  integrated  solutions 

•  the  opportunity  to  meet 
leading  experts  and  engineers 

•  access  to  $25  million  worth 
of  proven  technology  in  action 


DEMO 

U»Hlm  Ihc  World  of  Stompo  W OR  LD 


STORAGE 

HnWMKIM 


•  Form  factor  and  drive  technologies 

®  Heterogeneous  data  replication  and  protection 

•  The  demand  for  mixed  media  arrays 

•  Network-based  storage  services 

•  Storage,  file  and  content  management 
»  Technology  migration  cycles 

•  Storage  workloads 

*This  session  is  intended  for  IT  vendors:  no  non-lDC 
analysts  permitted  in  this  special  session. 


For  more  information  and  to  register, 
visit  www.snwusa.com/print  or  call  1-800-883-9090  0  508  820  8159) 


Hear  User  Case  Studies  and  Learn  From  Industry  Experts 


DAVID  KAERCHER 

STEVE  DUPLESSK 

JOHN  QAYTHORPE 

JMMOOOE 

LARI  SUE  TAYLOR 

DOUG  BUSCH 

RICK  PHIZ 

JOHN  GREER 

ANDRE  MENDES 

JVM  DAVIS 

VP.  Information  Technology 

Founder  &  Senior  Analyst 

Director,  Systems 

Chief  Security  Officer 

SVP,  Enterprise  Security 

VP  &  CIO 

SVP  &  CIO 

Director,  IT  Infrastructure 

Chief  Technology 

SVP 

Aftanz  Life  Insurance 

Enterprise  Storage  Group 

Epsilon 

Farm  Credit  Services 
of  America 

&  Recovery 
FleetBoston  Financial 

Intel 

Marcus  &  Millichap 

Pacific.  Gas  &  Electric 

Integration  Officer 

Public  Broadcasting  Service 

SAS  Institute 

Agenda  Snapshot*  •subjecl  to  change 


For  details,  updates,  and  to  register  visit  www.snwusa.com 

Monday,  April  5 

(Pre-Conference  Activity  and  Tutorial  Sessions) 

9:30am-tl:30am 

Industry  Primer,  Career  Development  and  Skills  Development  Tracks 

1:00pm-5:30pm 

SNIA  Tutorial  Sessions 

Noort-5:00pm 

Golf  Outing  at  the  Wildfire  Golf  Club,  Faldo  Course 

7:00pm-9:00pm 

Welcome  Reception 

Tuesday,  April  6 

(General  Conference  -  Day  One) 

7:15am-8:15am 

Continental  Breakfast 

8:15am-9:15am 

Opening  Remarks  and  Visionary  Presentation 

9:15am-12:15pm 

Genera!  Sessions 

12:15pm-1:30pm 

Networking  Luncheon 

1:30pm-3:50pm 

General  Sessions 

4:00pm-5:30pm 

Technical,  Technical/Business  and  Business  Tracks 

5:30pm-8:30pm 

Expo  and  Buffet  Dinner,  Interoperability  and  Solutions  Demo 

Wednesday,  April  7 

(General  Conference  -  Oay  Two) 

7:30am-10:30am 

IDC  Breakfast  Briefing 

8:f5pm-Noon 

General  Sessions 

Noon-1:30pm 

Expo  and  Buffet  Lunch 

Noon-7:15pm 

Interoperability  &  Solutions  Demo 

1:35pm-3:35pm 

General  Sessions 

3:45pm-5:15pm 

Technical,  Technical/Business,  Business  and  SNIA  Tracks 

5:15pm-7:15pm 

Expo 

7:30pm-9:00pm 

Gaia  Evening 

Thursday,  April  8 

(Tutorial  and  Breakout  Sessions) 

7:30am-8:30am  Continental  Breakfast 

8:30am-11:45am  Technical,  Technical/Business,  Business  and  SNIA  Tracks 
11:45am  Conference  Concludes 


Enjoy  the  JW  Marriott  Desert  Ridge  Resort  in  Phoenix! 


No  other  storage  event  allows  you 
to  learn,  network  and  enjoy  the 
conference  in  such  a  relaxing, 
comfortable  and  unique  setting. 


Register  Today! 


Options  for  IT  End-Users* 

Earlybird  Registration  j 

(through  February  27) 

Full/Onsite  Registration 

(after  February  27) 

General  Conference  Package  (April  6, 7): 

(Includes  General  Conference  sessions.  Expo, 

Meals  and  Receptions) 

$895 

$1,295 

Total  4-day  Package  (April  5, 6, 7, 8): 

(Includes  General  Conference  Package:  Technical  and 
Business  Tracks;  SNIA-produced  Tutorials:  SNIA-Certification 
"Test-Ready"  Courses) 

$1,290 

$1,690 

Options  for  IT  Vendors** 

Total  4-day  Package  (April  5, 6, 7, 8):  $1,290  $1,690 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators:  Industry  Consultants;  and  Storage  Solutions  Implementors) 

Non-Sponsoring/Exhibiting  Vendor  Package: 

$5,000 

$5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially 
buy/purchase  hardware/software/services/etc.  from  our  conference  sponsors  and  exhibitors.  As  such,  account  representatives/business 
development  from  any  company,  analysts,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization 
are  excluded  from  the  “IT  End-User"  designation.  Enforcement  of  this  interpretation  and  policy  is  at  the  sole  discretion  of  Computerworld. 
Questions?  Please  call  1-800-883-9090. 

*  Vendors  are  encouraged  to  participate  at  Storage  Networking  World  through  sponsorship.  (Details  are  available  by  calling  Ann  Harris  at 
1-508-820-8667.)  Alternatively,  vendors  (as  well  as  venture  capitalists,  equity  analysts,  and  other  “non-IT  end-user"  professionals  as 
defined  by  Computerworld),  may  apply  for  registration  at  the  “non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  “non¬ 
sponsoring  vendor"  registration  is  at  the  sole  discretion  of  Computerworld.  You  will  also  be  required  to  adhere  to  our  non-solicitation  policy 
posted  on-site. 


“Best  Practices  in  Storage 
Awards  Program 


Pre-Conference 
Golf  Outing 


Travel  and 
Accommodations 


Submit  your  nomination  today  at 

www.snwusa.com 

or  email  Nanette  Jurgelewicz  at 
nanetteJurgelewicz@computerworld.com 

Awards  Ceremony:  Wednesday, 

April  7, 3:05pm,  SNW  Main  Stage 


iiiBEST 

PRACTICES  IN 

STORAGE 

AWARDS  PROGRAM 


Complimentary  for  Registered  IT  End-Users 

The  Pre-Conference  Golf  Outing  at  The  Wildfire  Golf  Club,  Faldo  Course 
located  at  the  JW  Marriott  Desert  Ridge  Resort,  is  complimentary  ($165 
value)  for  registered  IT  End-Users  (other  participants,  including  sponsors 
and  vendors,  may  play  on  an  “as  available"  basis  and  are  responsible  for 
all  applicable  golf  outing  expenses). 

For  details:  contact  Michael  Meleedy  at  1-508-820-8529 


IDG  Travel  is  the  official  travel 
company  for  Storage  Networking 
World.  They  are  your  one-stop  shop 
for  exclusive  discounted  rates  on  travel  and  hotel 
accommodations. 

To  reserve  your  accommodations: 

visit  www.etcerrtral.com  OR 

call  1-800-340-2262  (or  1-508-820-8686) 


For  more  information  and  to  register, 
visit  www.snwusa.com/print  or  call  1-800-883-9090  <kk» m -eisa) 


S 


"...  the  Interoperability  &  Solutions  Demo 
gives  us  a  flavor  for  the  technology  that’s 
coming  out ...  a  chance  to  ‘kick  the  tires’ 
and  talk  to  vendors  ..." 


is  the 


MichKtOwdc 
Duecto/.  Storage  Services 
MieUen  Meta  Rmarcb 


m  l 


'  “...  I  enjoy  the  opportunity  to 
my  experiences  and  hear  wf 
other  people  are  doing ...” 

Bob  Matherj 
Second  VP.  IT  Operations, 

Guardem  Lie  Insurance 


Application  for  Conference  Registration 


April  5-8, 2004 

JW  Marriott  Desert  Ridge  Resort 
Phoenix,  Arizona 


Co-owned  &  Produced  by: 

COMPUTERWORLD 


Co-owned  &  Endorsed  by: 


Reserve  your  Accommodations  at 
www.etcentral.com  or  call: 
1-800-340-2262  or 
Email:  eventhouslng@idg.com 


Registration  questions?  Please  call  1-800-883-9090  or  Email:  snwreg@computerworld.com 

Visit  our  website  at:  www.snwusa.com/print 


Options  for  IT  End-Users* 

Earlybird 

Registration 

(Available  through  February  27) 

Full/Onsite 

Registration 

(after  February  27) 

General  Conference  Package  (April  6, 7): 

(Includes  General  Conference  sessions.  Expo.  Meals  and  Receptions) 

□$895 

□$1,295 

Total  4-day  Package  (April  5, 6, 7, 8):  □$1,290 

(Includes  General  Conference:  Technical  and  Business  Tracks;  SNIA-produced  Tutorials;  SNIA-Certiflcation  “Test-Ready”  Courses) 

Options  for  IT  Vendors** 

□$1,690 

Total  4-day  Package  (April  5, 6, 7, 8):  ^$1,290 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators;  Industry  Consultants;  and  Storage  Solutions  Implementors) 

□$1,690 

Non-Sponsoring/Exhibiting  Vendor  Package: 

□$5,000 

□$5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/purchase  hardware/software/services/etc.  from  our  conference  sponsors  and  exhibitors.  As 
such,  account  representatives/business  development  from  any  company,  analysts,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from  the  “IT  End-User"  designation. 
Enforcement  of  this  interpretation  and  policy  is  at  the  sole  discretion  of  Computerworid.  Questions?  Please  call  1-800-883-9090. 


**  Vendors  are  encouraged  to  participate  at  Storage  Networking  World  through  sponsorship.  (Details  are  available  by  calling  Ann  Harris  at  1 -508-820-8667.)  Alternatively,  vendors  (as  well  as  other  “non-IT  end-user"  professionals  as  defined 
by  Computerworid),  who  choose  not  to  sponsor  may  apply  for  registration  at  the  “non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  'non-sponsoring  vendor’  registration  is  at  the  sole  discretion  of  Computerworid.  You  will  also  be 
required  to  adhere  to  our  non-solicitation  policy  posted  on-site. 


Registration  Information:  (This  section  must  be  completed  in  order  to  process  your  application) 


First  Name: 

Middle  Initial: 

Last  Name: 

Title: 

Company: 

Street  Address: 

City: 

State/Prov: 

Country: 

Phone  Number: 

Suite,  Apt.,  etc.:. 
Zip/Postal  Code: 
Extension: _ 


Fax  Number:, 


E-Mail  Address: 


Corporate  Website: _ □  Special  Services  Required?  (Please  attach  written  description) 

Would  you  like  to  receive  information  about  the  golf  outing  on  Monday.  April  5th?  □  Yes  □  No _ 

Attendee  Profile  :  (This  section  must  be  completed  in  order  to  process  your  application)  j 


Payment  Method 


SECTION  A  -  FOR  IT  END-USERS  ONLY 

Your  Business/Industry: 

□  Transportation/Utilities 

□  Mining/Oil/Gas 

□  Media/Publishing 

□  Banking/Finance/Insurance 

□  Telecommunications 

□  Wholesale/Retail  (Non-IT) 

□  Advertising/Marketing/Public  Relations 

□  Education 

□  Government/Military 

□  Healthcare 

□  Manufacturing  (Non-IT) 

□  Other 

Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CIO/CTO 

□  CFO/Controller/Treasurer 

□  VP/GM/Director 

□  IS/IT  Director/Manager 

□  Other  IS/IT  Department  Manager/Supervisor 

□  Other  Corporate/Business  Manager 

□  Corporate/Business  Staff 

□  Consultant  (Internal)  or  Other 

□  Sales/Marketing/Product  Staff 

□  Engineering  Staff 

□  Press 


The  one  item  that  best  describes  your 
Involvement  In  the  IT  purchase  process: 

□  Authorize  the  purchase 

□  Approve  the  budget 

□  Initiate  the  purchase 

□  Evaluate/recommend  products,  brands,  ven¬ 
dors 

□  identify/establish  the  need  to 
purchase 

Employees  In  your  entire  Company: 

□  10,000- 

□  5,000-9,999 

□  1.000  -  4,999 

□  500-999 

□  100-499 

□  Less  than  100 

What  Is  the  estimated  annual  revenue  of 
your  entire  organization?: 

□  $10  Billion* 

□  $1  Billion  -  $9.9  Billion 

□  $500  Million -$999  Million 

□  $100  Million  -  $499  Million 

□  Less  than  $100  Million 


Your  organization's  annual  IT/1S  budget  for 
all  IT/IS  products): 

□  Over  $1  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $10  Million  -  $99  Million 

□  $1  Million- $9.9  Million 

□  Less  than  $1  Million 

Annual  company  IT  budget 
(Stonge  products  and  sendees): 

□  Over  $1  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $10  Million- $99  Million 

□  $1  Million  -  $9.9  Million 

□  Less  than  $1  Million 

Yourpersonai  IT  spending  authority 
(All  IT  products  and  services): 

□  Over  $1  Billion 

□  $500  Million -$999  Million 

□  $100  Million  -  $499  Million 

□  $10  Million  -  $99  Million 

□  $1  Million- $9.9  Million 

□  Less  than  $1  Million 

Your  personal  IT  spending  authority 
(Storage  products  and  services): 

□  Over  $1  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $10  Million  -  $99  Million 

□  $1  Million- $9.9  Million 

□  Less  than  $1  Million 


SECTION  B  -  FOR  IT  VENDORS  ONLY 
Your  Business/Industry: 

□  VAR/VAD/ASP/System  Integrator 

□  Industry  Consultant/Storage  Solution  Integrator 

□  Manufacturing  (IT) 

□  Computer  Retaller/Dealer/Wholesaler 

□  Software  Development  (Storage) 

□  Other  Computer  Related  (Non-Storage) 


Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CFO/Controller/Treasurer 

□  VP/GM/Director 

□  Sales/Marketing/Product  Staff 

□  CIO/CTO/Other  IS/IT  Manager 

□  Engineering  Stall 

□  Press 


□  Check  (checks  must  be  received  by  March  19, 2004  payable  to: 
Computerworid) 

Mail  to:  Computerworid,  Attn:  Pam  Malingowski, 

500  Old  Connecticut  Path.  Framingham,  MA  01701 

□  American  Express  □  VISA  □  MasterCard 
Account  Number: 


Expiration  Date: _ 

Card  Holder  Name: 


Signature  of  Card  Holder: 


Cancellation  Policy  f All  ot  the  below  reouire  written  notification.) 

In  the  event  of  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  Storage  Networking  World 
Fall  2004  conference. 

3)  The  registration  fee  will  be  refunded,  less  a  $250  service  charge  (if 
written  notice  is  received  by  March  19, 2004). 

Please  send  cancellation  requests  via  email  to 
snwreg@computerworld.com 


Please  fax  this  completed  application  to  508-820-8254 


www.computerworld.com 


KNOWLEDGE  CENTER  NETWORKING 
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pervisor  for  the  Florida  Department  of  Law  Enforce¬ 
ment  in  Tallahassee.  Breeden  uses  TruSecure  to  pro¬ 
vide  alerts  of  a  virus  or  new  vulnerability. 

“You  won’t  get  anybody  to  say  they’ll  take  respon¬ 
sibility  if  you  have  damages”  from  a  security  failure, 
adds  Paul  Prentice,  manager  of  security  and  directo¬ 
ry  services  at  office  furniture  maker  Steelcase  Inc.  in 
Grand  Rapids,  Mich.  Steelcase  outsources  IT  securi¬ 
ty  to  Ubizen  Inc.  in  Reston,  Va.  The  usual  position  of 
outsourcers,  he  says,  “is  more  of,  ‘We’ll  work  with 
you  and  provide  monitoring  and  detection.’ . . .  But 
that’s  the  point  where  they  draw  the  line.” 

Organizations  do  have  alternatives  beyond  the 
limited  liability  that  outsourcers  offer,  however.  Ni- 
griny  says  Exostar  will  get  back  no  more  than  what 
it  pays  TruSecure  for  outsourcing  should  something 
go  wrong  in  a  given  month.  But  he  also  has  hacker’s 
insurance  to  protect  against  losses  in  Exostar’s  inter¬ 
nal  network.  And  because  he  has  outsourced  to 
an  MSSP,  he  receives  a  discount  on  that  insurance, 
Nigriny  says. 

MacLeod  agrees  that  an  outsourcer’s  liability  is 
limited,  but  he  says  his  vendor  was  helpful  when  a 
problem  came  up.  In  2001,  Counterpane  helped  de¬ 
fend  the  credibility  of  Regence’s  security  logs  shortly 
after  their  outsourcing  arrangement  began,  he  says. 
Two  Regence  employees  were  fired  for  compromis¬ 
ing  the  firm’s  network,  and  both  filed  wrongful  termi¬ 
nation  claims.  The  former  employees  lost  their  cases 
partly  because  the  security  logs  were  accepted  as 
evidence  with  the  backing  of  Counterpane,  he  recalls. 

To  make  up  for  liability  limitations,  Ogren  sug¬ 
gests  companies  demand  upfront  that  the  outsourcer 
commit  in  the  contract  to  reasonable  staffing  levels 
with  qualified  workers  and  to  agreed-upon  levels  of 
responsiveness  to  security  events. 

Steelcase’s  Prentice  says  he  scoured  resumes  of 
outsourcers’  staffs  in  the  selection  process  to  help 
make  up  for  the  lack  of  legal  accountability. 

Who  Handles  What 

Users  and  analysts  say  that  outsourcing  security  du¬ 
ties  such  as  the  monitoring  and  management  of  fire¬ 
walls  and  intrusion-detection  systems  (IDS)  doesn’t 
mean  walking  away  from  internal  responsibilities. 
“You  cannot  outsource  risk,”  says  Ogren.  “You 
should  never  outsource  everything.” 

In  a  typical  arrangement,  the  outsourcer  should 
create  guidelines  for  how  involved  the  service  should 
be,  users  say.  In  every  case,  they  say  the  customer 
should  initially  maintain  sign-off  authority  on  securi¬ 
ty  actions.  Only  when  a  security  action  becomes  rou¬ 
tine  should  the  customer  let  the  MSSP  execute  it 
without  review. 

Prentice  warns  against  picking  an  outsourcer  that 
sets  up  the  decision-making  process  in  a  “very  rigid 
and  structured  way.”  Steelcase  and  Ubizen  have 
agreed  on  three  levels  of  change  control:  standard, 
unusual  and  problematic.  When  changes  are  request¬ 
ed  in  the  security  infrastructure  or  policy  that  are  la¬ 
beled  “problematic,”  Ubizen  is  saying,  “You  shouldn’t 
do  this  because  it  will  put  you  at  risk.”  And  at  that 
point,  Prentice  is  informed  about  the  process.  “I  do 
get  the  ultimate  sign-on  with  a  security  change,  de¬ 
pending  on  the  risk,  and  I  decide  what  does  this 
mean  to  the  business,”  he  says. 

Deciding  what  to  include  in  an  outsourcing  deal 


10  Questions 
To  Ask  a  Managed 
Security  Service 
Provider 

Before  signing  on  the  dotted  line, 
experts  suggest  asking  MSSPs 
these  questions: 

o 

How  do  you  take  raw  data  from  the  network 
and  correlate  events  to  determine  whether 
an  attack  is  under  way?  Do  you  use  off-the- 
shelf  tools  or  your  own  technology? 

o 

May  I  see  the  resumes  of  the  staffers 
who  will  be  working  on  my  account? 

o 

What  staff  screening  and  hiring 
practices  do  you  use? 

o 

Do  you  have  references  from  companies  that 
are  the  same  size  as  my  company,  in  the 
same  industry  or  in  the  same  area? 

o 

How  will  you  charge  for 
services  out  of  scope? 

o 

How  will  communications  between 
organizations  be  managed? 

o 

What  processes  will  be  used  to 
control  access  to  devices  and  logs? 

o 

What  auditing  is  in  place  for  access/ 
change  control  and  reporting? 

o 

Do  you  provide  phone  or  in-person 
support  for  security  incident  remedies? 

What  are  your  disaster 
recovery  safeguards? 


varies  by  organization.  For  example,  at  health  insurer 
Regence,  federal  HIPAA  requirements  have  led  to  an 
evaluation  of  what  security  tasks  can  be  outsourced. 
“Because  we  are  under  HIPAA,  I  am  the  designated 
jailbird,  so  I’m  not  comfortable  abdicating  the  pro¬ 
tection  of  the  electronic  perimeter,  our  technology 
safeguards  or  administrative  procedures,”  says 
MacLeod.  “I’m  not  going  to  let  somebody  else  do 
that.”  As  a  result,  Counterpane  monitors  the  perime¬ 
ter  but  doesn’t  manage  it  without  asking  First. 

Nigriny  says  no  client  in  an  outsourcing  deal 
should  ever  give  away  security  control  of  infrastruc¬ 
ture  pieces  or  anything  of  competitive  advantage.  “If 
you  are  an  ASP  and  host  applications,  don’t  out¬ 
source  security  of  those  to  an  MSSP,”  he  says. 

Because  security  is  a  differentiating  factor  for  Ex¬ 
ostar,  the  company  doesn’t  want  to  outsource  securi¬ 
ty  involving  its  online  exchange  to  TruSecure.  In¬ 
stead,  TruSecure  provides  monitoring,  firewall  and 
IDS  management  and  maintenance  for  Exostar’s  cor¬ 
porate  network  but  not  its  hosted  applications.  “The 
idea  is  that  you  want  to  carry  out  the  management 
directives,”  Nigriny  adds. 


Earning  Trust 

Becky  Autry,  CIO  at  the  U.S.  Olympic  Committee 
in  Colorado  Springs,  says  the  outsourcing  relation¬ 
ship  can  evolve,  as  the  vendor  proves  its  abilities. 
The  USOC  uses  a  broad  spectrum  of  security  ser¬ 
vices  from  AT&T  Corp.,  partly  because  it’s  a  small 
nonprofit  and  its  IT  staffers  “wear  a  lot  of  hats,” 
Autry  says. 

When  the  USOC  started  using  AT&T  in  2000, 
AT&T  had  to  notify  USOC  staff  before  making  any 
changes  to  network  security,  but  AT&T  now  has  the 
authority  to  make  changes  in  the  middle  of  the  night 
without  prior  approval  “if  they  see  the  potential  for 
danger,”  says  Autry. 

Dan  Klinger,  manager  of  information  security  at 
Hershey  Foods  Corp.  in  Hershey,  Pa.,  uses  a  Web- 
based  auditing  tool  from  Qualys  Inc.,  an  MSSP  in 
Redwood  Shores,  Calif.,  but  no  other  services.  “We 
want  to  hold  onto  most  security  in-house,  since  we 
know  our  environment  best  and  how  to  prioritize 
our  vulnerabilities,”  Klinger  says.  “I’m  not  close- 
minded  to  the  concept  of  outsourcing  security,  but 
overall  I’m  very  cautious.” 

Users  and  analysts  say  the  best  way  to  ensure  ac¬ 
countability  with  an  outsourcer  is  to  set  terms  in  the 
contract  that  dictate  how  often  and  for  what  purpos¬ 
es  reporting  will  take  place  and  to  then  study  those 
reports  carefully. 

Kelly  Kavanagh,  an  analyst  at  Gartner  Inc.,  adds 
that  asking  for  Web-based  reporting  tools  is  also  de¬ 
sirable  for  the  capability  to  periodically  scan  the  net¬ 
work  perimeter  to  ensure  that  outsourced  devices 
are  configured  correctly. 

Some  users  set  up  their  own  monitoring  tools.  For 
example,  Regence’s  security  logs  are  generated  by  its 
own  systems,  and  Regence  employees  periodically 
review  security  events  to  see  how  Counterpane  han¬ 
dled  them.  MacLeod  has 
a  five-person  staff  that 
does  audit  and  compli¬ 
ance  checking.  “They  are 
my  friendly  hackers,”  he 
says.  ©  43822 


6RILUNG  THE  MSSP 

Tips  for  evaluating  managed 
security  service  providers: 
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Merging  the  two  technologies  gives 
users  multiple  lines  of  defense  against 
network  attacks.  By  Joanie  Wexler 


Until  recently,  quality-of- 
service  and  network  security 
technologies  lived  in  separate 
worlds.  But  they  have  some¬ 
thing  important  in  common. 
Certain  types  of  attacks  on  network  se¬ 
curity  affect  application  performance 
—  and  ensuring  application  perfor¬ 
mance  is  the  main  mission  of  QoS. 

So  the  two  technology  camps  have 
begun  joining  forces  to  stave  off  net¬ 
work  attacks  that  degrade  or  halt  net¬ 
work  performance. 

The  enemies  at  the  gate  are  worms, 
viruses,  Trojan  horse  programs  and  de- 
nial-of-service  attacks.  These  invasions 
rapidly  replicate  pieces  of  code  or  ap¬ 
plication  service  requests  to  the  point 
where  they  overload  a  system’s  memo¬ 
ry  or  CPU. 

Firewalls  and  intrusion-detection 
systems  (IDS)  are  typically  used  to 
identify  unauthorized  traffic  based  on 
known  malicious  bit  patterns  or  limit¬ 
ed  parameters  in  an  IP  header.  At  the 
same  time,  sophisticated  traffic-man¬ 
agement  capabilities  —  available  as  ap¬ 
pliances  and  as  software  capabilities  in 
network  routers  —  recognize  traffic 
based  on  application,  protocol,  user, 
media  access  control  address,  IP  ad¬ 
dress  and  other  granular  variables. 

Network  implementers  are  recogniz¬ 
ing  common  ground  and  the  benefits 
of  some  integration  work.  For  example, 
security  and  QoS  products  already  tap 
common  access  control  lists  (ACL)  for 
rules  on  how  to  treat  traffic.  And  if  fur¬ 
ther  integrated,  an  IDS  that  discovers 
abnormal  traffic  patterns  could  alert  a 
QoS  system  to  treat  that  traffic  accord¬ 
ing  to  those  rules. 

“The  fact  that  firewalls,  IDSs  and 
QoS  overlap  gives  you  multiple  ways 
to  find  and  fight  infections,”  says  Joe 
Walton,  a  principal  at  VistaOne  IT 
Services,  a  value-added  network 


reseller  based  in  Richmond,  Va. 

QoS’s  primary  purpose  is  to  manage 
the  performance  of  multiple  applica¬ 
tions  contending  for  bandwidth  on  a 
converged  network  link.  To  do  this,  QoS 
products  identify  what  traffic  is  on  the 
network,  then  classify  and  treat  it  ac¬ 
cording  to  the  enterprise’s  network  pol¬ 
icy.  For  example,  you  could  tune  your 
network  to  “always  allocate  20Kbit/sec. 
to  Citrix,”  “limit  streaming-media  traf¬ 
fic  to  128Kbit/sec.”  and  “block  all  Kazaa 
traffic”  to  give  the  various  traffic 
streams  their  appropriate  due. 

Once  you  have  the  power  to  identify 
and  control  traffic  this  way,  you  can 
apply  QoS  to  also  detect  traffic  anom¬ 
alies,  then  set  policies  to  automatically 
mitigate  their  effects.  A  firewall  is  a 
first  line  of  defense,  usually  deployed 
at  the  WAN  edge  to  permit  or  deny 


access  based  on  ACLs.  An  IDS  moni¬ 
tors  packet  streams  in  the  background 
in  search  of  traffic  patterns  that  have 
already  been  identified  as  malicious  — 
then  alerts  you  if  it  finds  one. 

QoS  can  do  a  little  of  each  function, 
while  also  enabling  network  forensics 
and  immediate  treatment  of  suspicious 
traffic,  says  Walton.  “QoS  helps  you 
track  down  where  an  infection  origi¬ 
nated  within  your  internal  network. 
Then  you  can  go  back  and  alert  that 
site  that  they  are  infecting  everybody,” 
Walton  explains. 

The  University  of  California,  Irvine, 
uses  Packeteer  Inc.’s  PacketShaper  QoS 
appliance  in  part  for  this  capability. 

“PacketShaper  identifies  where  [an 
unnaturally  large  volume  of]  connec¬ 
tions  are  coming  from,”  says  Ted  Ro¬ 
berge,  manager  of  residential  network 


How  Can  QoS  ‘See’  Encrypted  Tr< 


IN  ADDITION  to  mitigating  the  effects 
of  network  and  host  bombardments  by 
viruses  and  denial-of-service  attacks, 
traffic  prioritization  and  encryption 
technologies  will  eventually  have  to 
exchange  information. 

Enterprises  embracing  voice  over  IP, 
for  example,  will  someday  extend  the 
capability  to  remote  branch  offices  and 
telecommuters  to  maximize  their  invest¬ 
ments.  Yet  many  remote  sites  need  to 
1  averse  an  encrypted  WAN  link,  or  vir¬ 
tual  private  network  (VI  I),  to  their 
headquarters  site. 

One  challenge  of  merging  QoS  and 
security  technologies  is  that,  by  defini¬ 
tion,  if  a  packet  is  encrypted,  a  QoS 
mechanism  can’t  look  deeply  into  it  to 
identify  and  classify  it.  Encryption  and 
QoS  require  integration.  Otherwise,  re¬ 
mote  users  will  have  to  settle  for  either 


the  security  benefits  of  encryption  or  the 
performance  perks  of  QoS,  a  choice  that 
isn’t  likely  to  cut  the  mustard. 

Early  signs  of  prog;  is:  here  include  a 
software  capability  in  Cisco  routers 
called  V3PN,  for  “voice  and  video 
VPNs.”  This  integrated  QoS/securii 
technology  reportedly  overcomes  he 
challenge  of  IPsec  VPNs.  The  feature 
copies  QoS  priority  markings  to  the  new 
outside  IPs  :  tunnel  header  before 
transmission  over  the  WAN. 

Similarly,  Proficient  Networks  Inc.,  a 
company  that  makes  a  route  oi  miza- 
tion  appliance  for  dual-  or  multihomed 
Internet  connections,  recently  enhanced 
its  product  with  the  ability  to  prioritize 
outbound  network  traffic  by  application 
type  before  placing  it  into  an  IPsec- 
encrypted  tunnel. 

-Joanie  Wexler 


services.  “I  can  block  or  shape  those  IP 
addresses  down  to  a  tiny  amount  of 
bandwidth  to  minimize  the  impact  on 
network  and  server  resources.” 

Larry  Roth,  vice  president  of  Only- 
Internet.Net,  an  Internet  service 
provider  in  Bluffton,  Ind.,  has  used 
Allot  Communications  Ltd.’s  Net- 
Enforcer  QoS  appliance  in  a  similar 
manner:  to  fight  viruses.  “When  Blas¬ 
ter  came  out  on  [TCP]  Port  135,  we  put 
in  rules  and  regulations  for  minimizing 
traffic  that  could  use  that  port,”  ex¬ 
plains  Roth,  who  also  uses  firewalls 
and  IDSs.  “We  saw  an  immediate  40% 
drop  in  Blaster  being  spread.” 

Oded  Nahum,  a  senior  systems  engi¬ 
neer  at  Allot,  says  his  company’s  gear 
has  been  used  quite  a  bit  by  Internet 
service  providers  lately  for  handling 
network-aware  viruses.  “ISPs  have 
such  a  broad  reach,  a  virus  can  cause  a 
lot  of  damage”  if  not  checked,  he  says. 

Interim  Protection 

QoS  products  often  serve  as  “interim” 
defenses  until  viruses  become  known, 
IDSs  are  programmed  to  identify  them, 
and  patches  are  created  and  deployed 
on  host  systems. 

Amir  Khan,  a  director  of  product 
marketing  at  Cisco  Systems  Inc.,  says, 
“QoS  plays  a  major  security  role  here. 
When  Kazaa  [a  peer-to-peer  file-shar¬ 
ing  application]  hit  enterprise  net¬ 
works,  for  example,  it  took  many  days 
to  develop  and  implement  patches.” 

Cisco’s  Network-Based  Application 
Recognition  classification  engine, 
however,  was  able  to  flag  Kazaa.  Users 
could  then  decide  to  give  it  the  lowest 
priority  or  drop  it,  he  says. 

Adding  QoS  to  the  security  arsenal 
provides  another  line  of  defense 
against  network  attacks  that  affect  per¬ 
formance.  Meanwhile,  further  integra¬ 
tion  will  enable  QoS  and  security  fea¬ 
tures  to  communicate  with  one  anoth¬ 
er.  When  a  network  policy  configured 
using  one  feature  can  trigger  appropri¬ 
ate  corresponding  behavior  in  the 
other  —  capabilities  likely  to  become 
available  next  year  —  this  integration 
and  automation  will  enhance  and  sim¬ 
plify  the  network  administrator’s  abili¬ 
ty  to  implement  policy-based  rules  to 
manage  network  behavior.  ©  43454 


Wexler  is  a  freelance  writer  in  Cali¬ 
fornia’s  Silicon  Valley .  Contact  her 
at  joanie@jwexler.com. 


SECURITY  LEXICON 

A  glossary  of  terms  related  to  security  and  network 
service  quality: 

OQuickLink  43453 

www.computerworld.com 


f 


;  • 


BY  NOON,  THE  IT  DEPARTMENT  WILL  BE 
ALERTED  TO  750  DIFFERENT  PROBLEMS. 


CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from 
BMC  Software®  can.  They  automatically  prioritize 
IT  management  issues  according  to  business 
importance  and  alert  you  before  potential  problems 
can  impact  performance.  They  also  let  you  prioritize 
IT  investments  and  resource  allocations  to  optimize 
your  business  results.  So  you  can  solidly  align  your 
IT  investments  with  strategic  business  goals.  And 


protect  the  delivery  of  vital  business  services  like 
online  transactions,  sales,  customer  service,  logistics 
and  distribution — whatever  is  most  critical  to  your 
company's  success.  It's  enterprise  management 
software  that  works  with  your  existing  IT  resources 
to  let  you  manage  what  matters  from  a  business 
perspective  and  execute  with  precision.  Find  out 
how  at  www.bmc.com/bsm50 


<bmcsoftware 
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Your  network  is  only  as  secure  as 
your  weakest  link  —  which  might 
he  your  growing  population  or 
telecommuters.  By  Joanie  Wexler 

Security 


Begins  at  Home 


Like  it  or  not,  your  corporate 
network  will  soon  be  every¬ 
where  —  maybe  even  in  some 
employees’  kitchens  or  guest 
bedrooms.  It  might  also  reach 
into  airports,  hotels  and  McDonald’s. 
Some  users  might  even  access  the  net¬ 
work  from  their  local  commuter  trains. 

Accompanying  all  this  extended  ac¬ 
cess,  though,  are  heightened  security 
risks.  How  do  you  mitigate  them? 

First,  IT  and  executive  decision¬ 
makers  must  define  who  should  have 
access  to  what  and  set  rules  that  gov¬ 
ern  user  network-connection  attempts. 
Then,  IT  can  implement  technology  to 
enforce  those  rules  in  an  automated 
fashion. 

For  example,  Knowles 
Electronics  LLC,  a  maker 
of  microphones  and  re¬ 
ceivers  for  the  hearing 
health  industry  in  Itasca, 

Ill.,  has  a  policy  to  restrict 
remote  user  access  to 
servers  hosting  applications 
they  actually  need. 

“We  got  hit  with  the 
Blaster  worm  when  a  home  user 
tapped  into  a  machine  he  didn’t  really 
require  access  to,”  explains  Rich  Base, 
technology  director. 

For  its  international  mobile  work¬ 
force  of  about  200,  Knowles  uses  ser¬ 
vices  provided  by  Fiberlink  Communi¬ 
cations  Corp.,  which  installs  virtual 
private  network  (VPN)  encryption 
software,  personal  firewalls  and  anti¬ 
virus  software  on  user  devices  and 
centrally  enforces  security  policies  for 
the  company.  Knowles  sets  its  own 
rules  dictating  the  conditions  under 
which  users  can  connect. 

‘  The  policy  might  be  that  devices  on 
dial-up  connections  must  have  a  per¬ 
sonal  firewall  configured  a  certain  way 
and  updated  within  the  past  three 


TEST  YOUR 
KNOWLEDGE 

How  prepared  are  you  to 
secure  remote  workers?  Take 
our  online  quiz  to  find  out: 
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days,”  says  Base.  “If  Fiberlink  doesn’t 
discover  those  conditions  when  a  user 
tries  to  connect,  it  rejects  the  access.” 

Protect  Data  in  Transit 

It’s  essential  to  use  VPN  encryption  to 
protect  data  on  a  public  network,  says 
Dave  Passmore,  research  director  at 
Burton  Group  in  Midvale,  Utah.  IPsec 
and  browser-based  Secure  Sockets 
Layer  (SSL)  are  the  primary  encryp¬ 
tion  technologies  for  avoiding  data 
theft  by  eavesdropping,  or  “sniffing.” 

“SSL  is  clientless,  so  it  is  coming  on 
strong.  It  also  works  great  through 
NAT  [Network  Address  Translation] 
routers,  which,  increasingly,  employees 
are  using  at  home,”  notes  Passmore. 

NAT  translates  private  IP 
addresses  into  a  single, 
globally  unique  IP  address 
for  routing  across  the  pub¬ 
lic  Internet.  Passmore  rec¬ 
ommends  NAT-enabled 
routers  for  telecommuters 
to  mask  their  home  com¬ 
puters’  IP  addresses  from 
viruses  and  address- 
spoofers  lurking  on  the  Internet. 

LandAmerica  Financial  Group  Inc. 
in  Richmond,  Va.,  uses  both  SSL  and 
IPsec  for  its  remote  workforce.  “Using 
SSL,  a  home  user  only  needs  access  to 
the  Internet  and  a  Web  browser,”  ex¬ 
plains  Matt  Matin,  a  security  and  sys¬ 
tems  engineer  at  LandAmerica.  “IPsec 
requires  special  client  software,  but  its 
strength  is  that  it  also  works  with  non- 
Web-based  applications.” 

Avoid  Internet  Infections 

An  oft-cited  security  challenge  is  the 
risk  that  remote  devices  will  pick  up 
viruses  and  worms  from  the  Internet 
and  then  infect  the  corporate  network. 

Base  says  his  company  is  “trying  to 
be  more  aggressive”  about  patching 


host  software  with  vulnerability  fixes 
as  they  become  available. 

Keeping  up  with  patches  is  a  must, 
but  it  can  be  a  challenge.  So  host-based 
intrusion-prevention  software  and  net¬ 
work  intrusion-detection  systems  can 
work  at  corporate  sites  in  the  interim 
to  ferret  out  unusual  protocol  behav- 
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Data  theft  by 
sniffing  data  in  transit. 

Encrypt  dafa  In 

transit  using  VPN  encryption  technology, 
such  as  IPsec  or  SSL. 

RISK.  Data  theft  by 
network  break-in. 

Give  remote 

users  access  only  to  services  they  need. 

Set  strict  password/authentication 
policies  and  enforce  them, 

Data  theft  by  stolen  or 
lost  computing  device. 

:  .  .  Encrypt  highly 

>  '.fidential  data  on  hard  d rives  of 
key  executives. 

i  Enforce  application-  or  dwtetasf 
user  log-on  password  protection.. 

Worms,  viruses  and  Trojan 
horse  programs  picked  up  from  the 
Internet,  then  spread  from  remote 
devices  to  the  corporate  network. 

H0W  TO  FIGHT  Install  NAT- 
enabled  routers  lot  home  users. 

Consider  home  lliiifmt  access  via 
corp:0:ratBT:onnectiOB.and'ffeewall 
(no  split  tunneling). 

Install  personal  Jm  fl"  mu 
software  on  home  and  mobile  computers-. 
■  Update  host-based  software  patches. 
-Consider  fefist-bBseil*«stai- 
pfevfiWfioBSQftware: 


iors  and  known  malicious  bit  patterns. 

In  addition,  “Truly  paranoid  people 
do  not  allow  split  tunnels  for  home 
users,”  says  Passmore.  Split  tunneling 
involves  a  single  home-user  connec¬ 
tion  supporting  both  an  encrypted  tun¬ 
nel  for  corporate  network  access  and 
an  unencrypted  direct  link  to  the  pub¬ 
lic  Internet.  A  more  secure  alternative 
is  to  route  all  remote-user  Internet 
links  through  the  corporate  network. 

But  it  can  be  costly  to  backhaul  all 
traffic  through  the  enterprise  site.  And 
the  corporate  firewall  will  need  greater 
processing  capabilities. 

Passmore  warns  companies  that  al¬ 
low  split  tunneling  to  make  sure  that 
the  home  computer  has  antivirus  soft¬ 
ware  and  that  it’s  up  to  date. 

“Remote  polling  for  this  purpose  is 
now  a  major  part  of  the  network  man¬ 
ager’s  job,”  he  says. 

Get  Back  to  Basics 

Enterprise  use  of  effective  password 
protection  is  crucial  —  but  woefully 
scarce,  “even  though  it’s  been  20  years 
since  the  movie  War  Games,”  says 
Lance  Hayden,  a  manager  in  the  Ad¬ 
vanced  Services  for  Network  Security 
Practice  at  Cisco  Systems  Inc.  His 
group  conducts  network  vulnerability 
assessments  for  organizations  to  help 
them  find  and  plug  security  holes. 

Hayden  is  referring  to  the  1983 
movie  about  a  computer  hacker  who 
nearly  starts  a  global  nuclear  war  be¬ 
cause  of  a  lack  of  password  protection 
in  a  military  computer  system. 

Even  though  people  seem  to  under¬ 
stand  the  need  for  password  protec¬ 
tion,  “we  continue  to  see  remote  ac¬ 
cess  servers  with  no  passwords  or 
poor  passwords  that  are  easily 
guessed,”  says  Hayden. 

And  user  education  about  the  im¬ 
portance  of  security  and  the  basics  of 
how  to  use  it  goes  a  long  way. 

Consider  the  notorious  former  Mor¬ 
gan  Stanley  executive  who  sold  his 
BlackBerry  device  containing  confi¬ 
dential  information  for  $15.50  on 
eBay  last  summer.  Cluing  him  in  that 
removing  the  battery  from  the  device 
wouldn’t  erase  the  data  might  have 
prevented  the  blunder. 

In  addition,  implementing  power-on 
passwords  and  encrypting  any  execu¬ 
tive’s  stored  confidential  data  so  that  it 
isn’t  comprehensible  to  anyone  who 
inherits,  steals,  finds  or  —  in  this  case 
—  buys  the  device  are  good  ideas. 

©  43452 

Wexler  is  a  freelance  writer  in  Cali¬ 
fornia’s  Silicon  Valley.  Contact  her 
at  joanie@jwexler.com. 
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Digital  Archives 

50  YEARS  AGO: 


An  eclectic  collection  of  research 
and  resources.  By  Mitch  Betts 


Windows  ATMs 
Raise  Concerns 

Diebold  Inc.’s  recent  revelation  that 
automated  teller  machines  operated  by 
two  of  its  banking  customers  were 
struck  by  the  W32/Nachi  worm  high¬ 
lights  a  growing  security  concern 
about  the  move  to  Windows-based 
cash  machines. 

The  outbreak  of  Nachi,  also  known 
as  Welchia,  required  the  unnamed 
banks  to  take  down  and  patch  infected 
ATMs  before  they  could  be  safely 
brought  back  online,  says  Jim  Merrell, 
director  of  global  product  marketing  at 
North  Canton,  Ohio-based  Diebold,  a 
leading  ATM  manufacturer. 

The  security  problems  on  ATM  net¬ 
works  come  at  a  time  when  many  banks 
worldwide  are  migrating  from  an  older 
generation  of  machines  that  used  IBM’s 
OS/2  operating  system  to  Windows 
machines.  The  mass  migration  has  been 
spurred  by  a  number  of  factors,  includ¬ 
ing  IBM’s  decision  to  stop  supporting 
OS/2  by  2006  and  pressure  from  ATM 
vendors,  says  Ann  All,  the  editor  of 
ATMmarketplace.com,  an  online  publi¬ 


cation  that  covers  the  ATM  market. 

The  advantages  of  Windows  ATMs 
include  built-in  support  for  HTML  and 
XML,  as  well  as  the  fact  that  banks  can 
create  a  consistent  look  and  feel  be¬ 
tween  home  banking  applications  and 
ATMs.  But  security  analysts  predict 
that  the  move  to  Windows  will  almost 
certainly  result  in  more  disruptions 
from  worms,  viruses  and  hackers,  be¬ 
cause  the  Microsoft  operating  system 
presents  more  avenues  for  exploitation. 

“The  general-purpose  operating  sys¬ 
tem  does  everything.  Unfortunately, 
that  also  means  there’s  more  bad  stuff 
that  could  run  on  the  computer,”  says 
Bruce  Schneier,  chief  technology  offi¬ 
cer  at  Counterpane  Internet  Security 
Inc.  in  Mountain  View,  Calif. 

Another  issue  is  how  fast  security 
holes  can  be  patched.  ATM  software  is 
often  upgraded  via  “sneaker  net,”  with 
technicians  physically  visiting  each 
machine  for  maintenance. 

Diebold  and  other  ATM  vendors  say 
they’re  “hardening”  the  installations  of 
Windows  they  ship  with  their  ATMs 
by  disabling  unnecessary  services  and 
ports  and  removing  files  that  support 
peripherals.  In  November,  Diebold  and 
Sygate  Inc.  announced  that  Diebold 
ATMs  will  be  outfitted  with  Sygate’s 
firewall  software. 

But  some  vendors  see  ATM  security 
as  largely  an  internal  IT  problem. 
“When  customers  ask  me  [about  ATM 
security],  I  tell  them  to  talk  to  their 


network  security  people.  They  need  to 
treat  their  ATM  like  other  devices  on 
their  network  and  protect  it,”  says  Kent 
Schrock,  director  of  marketing  at  ATM 
vendor  Fujitsu  Transaction  Solutions 
Inc.,  a  division  of  Fujitsu  Ltd. 

—  Paul  Roberts,  IDG  News  Service 


Patent  Watch 

■  A  system  for  monitoring  the  reliabili¬ 
ty  of  networking  equipment  in  the 
field.  This  “field  availability  monitor¬ 
ing  system”  is  attached  to  switches  and 
routers  that  have  been  installed  at  cus¬ 
tomer  sites  and  sends  an  e-mail  to  the 
vendor  whenever  components  fail  or 
have  a  problem.  The  e-mail  is  trans¬ 
formed  into  a  trouble  log  that  can  be 
analyzed  for  ways  to  prevent  recurring 
problems.  —  U.S.  Patent  No.  6,665,822, 


■  Western  Electric’s  No.  28  tele¬ 
typewriter  becomes  commercially 
available. 

■  The  Bell  System  puts  a  hands-free 
Speakerphone  into  limited 
production. 

■  AT&T  offers  a  long-distance  “Inte¬ 
grated  Data  Processing”  service. 

Data  from  punched  cards  in  Cincin¬ 
nati  is  fed  into  a  computer  in 

New  York. 

20  YEARS  AGO: 

■  A  new  AT&T  Corp.  and  the  seven 
Bell  operating  companies  begin  oper¬ 
ations  as  separate  entities  after  the 
AT&T  divestiture.  ©  43734 
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Get  more  news  and  opinion  columns  at  our  Networking 
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Have  trouble  visualizing  your  network? 
IPsonar  software,  from  Lumeta  Corp.  in 
Somerset,  N.J.,  not  only  maps  the  net¬ 
work  and  its  perimeter;  it  also  finds 
“leaks”  that  could  be  serious  security 
problems.  In  this  image,  for  example, 
the  red  area  in  the  lower  right  shows 
an  unauthorized  Internet  gateway.  ^ 


PARTNER 

CONNECTIONS  EXPOSE 


C9MPUTERW0RLD  January  19,  2004 


KNOWLEDGE  CENTER  NETWORKING 


www.computerworld.com 


Phishing 

[DEFINITION 

Phishing  is  a  technique  used  to  gain  personal  informa¬ 
tion  for  purposes  of  identity  theft,  using  fraudulent 
e-mail  messages  that  appear  to  come  from  legitimate 
businesses.  These  authentic-looking  messages  are 
designed  to  fool  recipients  into  divulging  personal 
data  such  as  account  numbers  and  passwords,  credit 
card  numbers  and  Social  Security  numbers. 


BY  RUSSELL  KAY 

N  SHAKESPEARE’S  Othello 
Iago  says:  “But  he  that 
filches  from  me  my  good 
name/Robs  me  of  that 
which  not  enriches  him/And 
makes  me  poor  indeed.”  Un¬ 
fortunately,  technology  and 
our  ever-more-connected  so¬ 
ciety  now  contradict  the  first 
assertion  of  that  state¬ 
ment,  because  today, 
stealing  another’s  good 
name  can  enrich  the 
thief  considerably. 

Identity  theft  is  the 
name  of  the  game.  If 
someone  can  get  vital  authen¬ 
tication  information,  that  per¬ 
son  may  be  able  to  access  an¬ 
other’s  bank  accounts,  charge 
accounts  or  credit  informa¬ 
tion.  In  1998,  Congress  passed 
the  Identity  Theft  and  As¬ 
sumption  Deterrence  Act, 
which  made  identity  theft  a 
federal  crime  subject  to  as 
many  as  15  years  in  prison. 
Still,  identity  theft  flourishes, 
and  one  easy  and  increasingly 
popular  way  of  capturing  per¬ 
sonal  data  is  called  phishing. 

Phishing  isn’t  really  new  — 
it’s  a  type  of  scam  that  has 
been  around  for  years  and  in 
fact  predates  computers.  Mali¬ 
cious  crackers  did  it  over  the 
phone  for  years  and  called  it 
social  engineering.  What  is 
new  is  its  contemporary  deliv¬ 
ery  vehicle  —  spam  and  faked 
Web  pages. 

Phishing  (sometimes  called 


carding  or  brand  spoofing) 
uses  e-mail  messages  that  pur¬ 
port  to  come  from  legitimate 
businesses  that  one  might 
have  dealings  with  —  banks 
such  as  Citibank;  online  orga¬ 
nizations  such  as  eBay  and 
PayPal;  Internet  service 
providers  such  as  AOL,  MSN, 
Yahoo  and  EarthLink;  online 
retailers  such  as  Best 
Buy;  and  insurance 
agencies.  The  mes¬ 
sages  may  look  quite 
authentic,  featuring 
corporate  logos  and 
formats  similar  to 
the  ones  used  for  legitimate 
messages.  Typically,  they  ask 
for  verification  of  certain  in¬ 
formation,  such  as  account 
numbers  and  passwords,  al¬ 
legedly  for  auditing  purposes. 
And  because  these  e-mails 
look  so  official,  up  to  20%  of 


unsuspecting  recipients  may 
respond  to  them,  resulting  in 
financial  losses,  identity  theft 
and  other  fraudulent  activity 
against  them. 

The  Phishing  Lure 

Here’s  an  example  of  how 
phishing  works.  On  Nov.  17, 
2003,  many  eBay  Inc.  cus¬ 
tomers  received  e-mail  notifi¬ 
cations  that  their  accounts  had 
been  compromised  and  were 
being  restricted.  In  the  mes¬ 
sage  was  a  hyperlink  to  what 
appeared  to  be  an  eBay  Web 
page  where  they  could  re¬ 
register.  The  top  of  the  page 
looked  just  like  eBay’s  home 
page  and  incorporated  all  the 
eBay  internal  links.  To  re¬ 
register,  the  customers  were 
told,  they  had  to  provide  cred¬ 
it  card  data,  ATM  personal 
identification  numbers,  Social 


To  lessen  the  chance  that  a  phishing  attack  on  you  will  be  suc¬ 
cessful,  consider  using  digital  signatures  for  outgoing  communi¬ 
cations  so  that  recipients  can  authenticate  the  sender. 

Also,  a  number  of  e-mail  service  vendors  ffer  antispam 
products  that  address  the  phishing  problem,  including  the 
following: 


Brightmai!  Inc.,  San  Fran¬ 
cisco,  www.brightmail.com 

..  ....  Arlington. 
Va„  www.cyveillance.com 

Envis'ronal,  Cambridge, 
England, 

www.envisional.com 


MailFrontier  Inc.,,  Palo  Alto, 
Calif.,  www.mailfrontler„com 

.  .  -  :  ■ 

Calif.,,  www.proofpoint.com 

Tumbleweed  Communica¬ 
tions  Corp.,  Redwood  City, 
Calif.,  www.;t,umblewee,d.,co;m 


Security  number,  date  of  birth 
and  their  mother’s  maiden 
name.  The  problem  was,  eBay 
hadn’t  sent  the  original  e-mail, 
and  the  Web  page  didn’t  be¬ 
long  to  eBay  —  it  was  a  prime 
example  of  phishing. 

In  September  2003,  the  Fed¬ 
eral  Trade  Commission  re¬ 
ported  that  9.9  million  U.S. 
residents  have  been  victims  of 
identify  theft  during  the  past 
year,  costing  businesses  and 
financial  institutions  $48  bil¬ 
lion  and  consumers  $5  billion 
in  out-of-pocket  expenses. 

In  an  online  interview  in 
July  with  The  Washington  Post, 
J.  Howard  Beales,  director  of 
the  FTC’s  Bureau  of  Consumer 
Protection,  said  ID  theft  is  the 
No.  1  complaint  his  organiza¬ 
tion  receives,  accounting  for 
43%  of  calls. 

According  to  the  Anti- 
Phishing  Working  Group,  an 
industry  organization  started 
by  Redwood  City,  Calif.-based 
Tumbleweed  Communica¬ 
tions  Corp.,  most  major  banks 
in  the  U.S.,  the  U.K.  and  Aus¬ 
tralia  have  been  misrepresent¬ 
ed  to  customers  during  phish¬ 
ing  attacks. 

Cutting  the  Line 

Even  before  phishing  became 
so  prevalent,  legitimate  busi¬ 
nesses  and  financial  institu¬ 
tions  would  hardly  ever  ask 
for  personal  information  via 
e-mail.  If  you  receive  such  a 
request,  call  the  organization 
and  ask  if  it’s  legitimate  or 
check  its  legitimate  Web  site. 

Look  for  misspellings  and 
bad  grammar.  While  an  occa¬ 
sional  typo  can  slip  by  any  or¬ 
ganization,  more  than  one  is  a 
tip-off  to  beware. 

If  the  e-mail  refers  you  to  a 
Web  site,  look  carefully  at  the 
URL.  It’s  easy  to  disguise  a  link 
to  a  site.  Beware  of  the  @  sym¬ 
bol  in  a  URL.  Most  browsers 
will  ignore  all  characters  pre¬ 
ceding  the  @  symbol,  so  this 
Web  address  —  http://www. 
respectedcompany.com@ 
thisisascam.com  —  may  look  to 
the  unsuspecting  user  like  a 
page  of  Respected  Company’s 
site.  But  it  actually  takes  visi¬ 
tors  to  thisisascam.com.  The 
longer  the  URL,  the  easier  it  is 
to  conceal  the  true  destination 
address.  Other  ways  to  dis- 
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The  Origins 
Of  Phisning 

The  word  phishing  ms  coined 
around  1996  by  hackers  steal¬ 
ing  America  Online  accounts 
and  passwords.  By  analogy 
with  the  sport  of  angling,  these 
Internet  scammers  were  using 
e-mail  lures,  setting  out  hooks 
to  “fish’’  for  passwords  and  f 
nancial  data  from  the  “sea" 


although  r 
take  the  bait,  < 
would.  The  term  was  n 
tioned  on  the  i 


tinely  trade  10 
phishforapiece 

n 

Adapted  tromn 
www.antiphishing.c 


guise  URLs  include  substitut¬ 
ing  similar-looking  characters, 
so  that  paypdl.com  could  be 
(and  has  been)  spoofed  aspay- 
pal.com  or  paypal.com.  Simi¬ 
larly,  a  zero  can  be  substituted 
for  the  letter  O  within  a  URL. 
©  43834 


Kay  is  a  Computerworld 
contributing  writer  in  Worces¬ 
ter,  Mass.  Contact  him  at 
russkay@charter.net 


ADDmONAL  RESOURCES 

For  links  to  more  information  and  anti¬ 
phishing  organizations,  visit  our  Web  site: 

OQuickLink  43962 

www.computerworldxom 


Are  there  technologies  or  issues  you’d  like 
to  learn  about  in  QuickStudy?  Send  your 
ideas  to  quickstudy@computerworld.com 


To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 
Cl  computerworld.com/quickstudies 
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BEST  PUCES  i 

10  WORK  MIT  2004  | 

If  your  IT  department  offers 
great  benefits,  competitive 
salaries,  opportunities  for 
training  and  advancement,  j 
and  access  to  interesting  proj-  j 
ects,  then  get  your  company  i 
recognized!  Computerworld 
is  conducting  its  11th  Annual 
Best  Places  to  Work  in  IT 
survey,  and  we  need  your  help.  \ 
Our  special  report  will  honor  j 
the  top  100  companies  that 
offer  their  IT  staffs  a  challeng-  j 
ing  and  satisfying  work 
environment. 

thewinningcompanieswiu.be 

ANNOUNCED  IN  THE  JUNE  14, 2004, 

ISSUE  OF  COMPUTERWORLD. 


Which  companies  are  eligible? 
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i  Companies  must  have  a 
minimum  of 500  total 
employees  and  100  IT 
employees. 

i  For-profit  companies  must 
verify  that  they  have  annual 
revenue  of  $250  million  or 
greater. 

■  Companies  based  outside 
the  U.S.  must  have  a  U.S. 
headquarters  with  a  minimum 
of 500  total  employees  and 
100  IT  employees. 

■  Participating  companies  must 
distribute  an  employee  survey 
to  a  randomly  selected  sample 
of  their  IT  staff  as  part  of  the 


Complete  a  survey  for  your  company  today  at  www.computerworld.com/bestplaces05. 
The  deadline  for  all  surveys  is  Friday,  January 30, 2004,  at  5  p.m.  EDT. 

For  more  information,  go  to  www.computerworid.com/services/research/bestplaces 
or  send  e-mail  to  bestplaces@computerworld.com. 
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Sometimes  threats  don't  look  like  threats.  They  look  like  your  mobile  workers,  your  sales  department  or  your  CFO's  daughter.  Even  the  innocent  act  of  downloading  a  file — one  that 
looks  like  any  other,  but  is  in  fact  corrupt — can  create  a  costly  security  breach  that  can  take  your  business  off-line  for  days.  So  how  do  you  defend  against  threats  that  take  the  shape  of 
productive  employees?  A  network  with  integrated  security  can  detect  and  contain  potential  threats  before  they  become  actual  ones.  Whether  they're  worms,  hackers  or  even  well-meaning 
humans.  Security  that's  about  prevention.  Not  reaction.  Visit  cisco.com/securitynowto  learn  more.  SELF-DEFENDING  NETWORKS  PROTECT  AGAINST  HUMAN  NATURE. 
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SNAPSHOTS 


Spending  Plans 

The  top  five  types  of  networking 
investments  planned  for  the 
next  12  months: 


Increased  bandwidth 


Base:  Phone  interviews  with 
200  IT  decision-makers 

SOURCE:  AMR  RESEARCH  INC.. 
BOSTON.  OCTOBER  2003 


Microsoft?  Security? 

Would  you  consider  buying 
security  products  from  Microsoft? 


Base:  Survey  of  100  CIOs 

SOURCE:  GOLDMAN  SACHS  &  CO.. 
NEW  YORK.  NOVEMBER  2003 


E-mail  Overhead 

The  average  amount  of  time 
that  clerical  users  spend  per  week 
on  the  following  e-mail  tasks: 


Sending  am 
Spam  control 
Virus  control 


SOURCE.  ESTIMATES  BY  FERRIS  RESEARCH 
INC  .  SAN  FRANCISCO.  DECEMBER  2003 


MARK  HALL 

Sticky  Securfl 

THE  JOY  OF  watching  the  old  Mission:  Impossible  TV  shows  was  in  follow¬ 
ing  the  team  of  super  secret  agents  as  they  laid  a  trap  for  the  bad  guy.  The  evil 
one  inevitably  succumbed  to  the  lure  set  by  the  heroes  through  his  greed  or 
hubris,  usually  the  latter. 

That’s  the  sort  of  thing  that  can  happen  with  an  increasingly  popular  net¬ 
work  security  technology  called  a  honeypot.  Although  there  are  many  types  of  honey- 
pots,  they  all  have  the  same  purpose:  to  attract  sophisticated  black-hat  hackers,  mali¬ 
cious  script  kiddies  and,  more  often  than  we  care  to  admit,  disgruntled  internal  em¬ 
ployees  into  a  highly  protected  system  that  emulates  a  production  environment. 


Once  the  bad  guy  enters  a  honeypot,  his  actions  can 
be  monitored,  letting  you  know  what  kind  of  attack  is 
imminent  or  under  way.  A  honeypot  can  even  be  used  to 
help  trace  an  intruder  back  to  his  home  base  and  maybe 
catch  him  red-handed,  though  that’s  seldom  the  goal. 

The  way  a  honeypot  works  is  simple.  You  set  up  a 
server  inside  your  firewall  with  software  that  can  em¬ 
ulate  everything  from  simple  e-mail  or  file  transfer 
protocol  functions  to  a  full-fledged  operating  system 
running  a  production  database. 

The  trick  is  that  none  of  your  internal  traffic  is  linked 
to  the  server.  The  honeypot  is  isolated  from  everything 
else.  Absolutely  no  users  are  directed  to  it.  So,  by  defini¬ 
tion,  anyone  pinging,  probing  or  prowling  around  the 
honeypot  either  typed  in  the  IP  address  by 
accident  or,  far  more  likely,  is  up  to  no  good. 

“A  honeypot  is  like  a  mousetrap,”  says 
Ryan  Barnett,  a  senior  security  engineer  at 
RS  Information  Systems  Inc.  in  McLean,  Va. 

“Anything  you  catch  in  it  is  a  problem.” 

Intrusion-detection  systems,  the  security 
cousin  to  honeypots,  which  defend  produc¬ 
tion  servers  against  digital  marauders,  gen¬ 
erate  so  much  information  about  potential, 
real  and,  annoyingly,  false  problems  that  it’s 
often  difficult  to  sift  through  everything  to 
see  what  bad  things  are  going  on.  Augment¬ 
ing  an  IDS  with  a  honeypot  would  give  you 
details  about  the  nature  of  an  attack  and  the 
best  way  to  defend  against  it. 

This  is  particularly  true  when  a  zero-day  virus  hits 
your  network.  Tracking  its  nasty  actions  on  production 
systems  can  be  time-consuming,  because  you  need  to 
filter  out  other  activity.  But  in  a  honeypot,  there’s  noth¬ 
ing  else  to  track,  so  you’ll  know  how  the  virus  is  wreak¬ 
ing  havoc  and  more  quickly  learn  how  to  squelch  it. 

There  are  drawbacks.  First,  just  because  you  have  a 
honeypot  doesn’t  mean  that  a  cracker  will  dip  into  it. 
Attacks  could  be  happening  elsewhere  on  your  net¬ 
work,  leaving  your  honeypot  untouched  because  its  IP 
address  wasn’t  discovered  and  hacked.  That’s  why  you 
still  need  your  IDS. 

Another  problem,  of  course,  is  the  cost  —  not  neces¬ 
sarily  the  price  of  the  software,  because  some  of  it  is 


free,  or  the  hardware,  which  can  be  a  simple  Pentium 
machine,  but  in  the  manpower  required  to  set  it  up. 
Building  a  high-interaction  honeypot,  which  can  emu¬ 
late  a  complete  network  with  multiple  operating  sys¬ 
tems  faking  elaborate  production  operations,  involves 
significant  overhead. 

There’s  also  a  bit  of  risk.  If  you  go  with  a  high-inter- 
action  system  and  overlook  a  detail  or  two  in  setting  it 
up,  you  can  actually  give  the  intruder  too  much  reality 
and  allow  him  to  slip  onto  your  production  network. 

That’s  why  Symantec’s  John  Harrison,  who  has  writ¬ 
ten  about  honeypots  for  Computerworld.com  [Quick- 
Link  42910],  advises  users  with  high-interaction  hon¬ 
eypots  to  set  up  their  systems  so  that  they  immediate¬ 
ly  shut  down  when  an  attacker’s  activity 
reaches  a  certain  threshold. 

Then  there’s  the  legal  quagmire.  If 
you’re  watching  an  attack  that  involves 
moving  packets  in  and  out  of  your  honey¬ 
pot  from  innocent  computers  that  have 
been  hijacked  and  you  look  inside  the  data 
or  payload  of  the  packets,  you  might  be  vi¬ 
olating  privacy  laws.  There  are  no  legal 
precedents  here,  so  it’s  wise  to  establish 
and  publish  policies  that  tell  the  world  that 
it  is  your  standard  procedure  to  sniff  pack¬ 
ets  on  the  network. 

Some  critics  also  suggest  that  a  sophisti¬ 
cated  black-hat  hacker  won’t  fall  prey  to  a 
honeypot.  They  argue  that  you’ll  catch  only  script  kid¬ 
dies  and  internal  malcontents.  Perhaps.  But  thwarting 
either  of  those  types  of  invaders  is  hardly  a  bad  thing. 

For  the  vast  majority  of  users,  low-interaction  hon¬ 
eypots  are  the  best  approach.  The  investment  and  the 
risks  involved  with  high-interaction  honeypots  are  too 
high,  especially  since  you  may  not  nab  the  most  mali¬ 
cious  prey.  But  the  payback  for  low-interaction  sys¬ 
tems  is  well  worth  it. 

As  more  honeypots  get  deployed,  intruders  will  have 
to  wonder  whether  they  have  actually  hacked  something 
useful  or  are  fruitlessly  pawing  inside  a  honeypot.  That 
itself  can  be  a  deterrent.  Like  knowing  that  the  Impos¬ 
sible  Mission  Force  is  out  there,  ready  to  spring  its  trap. 
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Diversity  in  IT:  Professional  Groups  Set  Goals 

While  IBM  views  such  diversity  as  a  business 


Whether  it's  a  job  outlook  report,  survey  of 
employers  of  choice  or  annual  leadership  agenda, 
the  goals  for  diversity  in  the  information  technology 
profession  are  similar.  What  differs  is  the  context  -  the 
cultural  issues  and  situations  that  confront  people 
considered  "diverse"  when  they  seek  education  and 
careers  in  IT. 

For  instance,  if  you  ask  the  Black  Data  Processing 
Association,  American  Indian  Science  and  Engineering 
Society  and  Society  of  Hispanic  Professional 
Engineers  who  the  top  employer  is,  the  answer  is 
the  same:  IBM.  The  reasons  vary  by  the  mere 
definition  of  diversity.  "IBM  is  at  the  cutting  edge  in 
terms  of  recruiting  and  professional  development 
for  American  Indians,"  says  Teresa  Gomez,  acting 
executive  director  for  AISES.  She  points  to  specific 
programs,  including  the  Jan.  12  recruiting  event 
IBM  hosted  at  Santa  Ana  Pueblo  in  New  Mexico.  It 
doesn't  hurt  that  IBM  has  leading  executives  who 
are  Black,  who  are  American  Indian  and  who  are  Hispanic. 

Raul  Cosio,  chair  of  the  Hispanic  Diversity  Task  Force  at 
IBM  since  it  formed  in  the  mid-1990s,  says  the  company's 
record  has  improved  over  the  past  decade,  but  more 
remains  to  be  done.  IBM,  as  a  predecessor  company,  hired 
its  first  women  and  African-American  in  the  late  1800s,  so 
the  foundation  has  been  in  place.  "In  the  past  decade,  the 
number  of  Hispanic  employees  has  grown  by  50%.  More 
importantly,  when  you  look  at  the  senior  leaders  and 
executives,  the  number  of  Hispanics  has  grown  by  better 
than  100%." 


imperative,  Cosio  is  an  example  of  how  the  system  works. 
Now  the  head  of  the  aerospace  &  defense  practice  for  IBM, 
Cosio  spent  two  assignments  in  Latin  America.  "While  that 
was  helpful  in  working  with  employees,  it  was  critical  in 
working  with  customers,"  Cosio  says. 

In  addition  to  building  relationships  with  Hispanic- 
oriented  universities  -  such  as  University  of  Texas-EI  Paso, 
University  of  Puerto  Rico  and  Florida  International 


University  in  Miami  -  the  company  has  aligned  executives 
as  partners  with  Hispanic  organizations  that  include  the 
Society  of  Hispanic  Professional  Engineers  and  the  National 
Society  of  Hispanic  MBAs.  Cosio  points  to  a  crisis  level  of 
Hispanic  high  school  dropouts  as  the  reason  for  extended 
family  and  K-12  programs,  such  as  La  Familia  Technology 
(supported  by  the  Information  Technology  Association  of 
America,  SHPE,  IBM  and  other  corporations  to  link  Hispanic 
families  to  technology  for  assistance  in  life  and  education) 
and  more  than  3,000  IBM  employees  who  serve  as  mentors 
for  kids  and  their  teachers. 


Milton  Haynes,  outgoing  president  of  BDPA,  says  his 
group  has  set  as  its  goal  to  increase  the  number  of  Black  IT 
professionals,  and  to  increase  the  number  of  BDPA 
members  from  3,000  to  25,000  by  2006.  Currently,  there 
are  300,000  African-Americans  employed  as  software 
developers,  business  analysts,  testers,  project  managers 
and  IT  executives/consultants.  BDPA's  top  three  objectives 
are  to  build  and  strengthen  the  minority  community's 
proficiency  and  effective  application  of  information 
technology;  to  affect  a  just  level  of  minority  participation  at 
all  levels  of  the  IT  industry's  employment  and 
business  opportunities;  and  to  become  a 
powerful  voice  that  represents  the  interest  of 
minorities  in  the  IT  industry. 

AISES  too  has  growth  as  an  agenda.  With 
3,000  members,  AISES  reports  that  1  %  of  the 
country's  science  and  engineering  workforce  is 
American  Indian. The  goals  are  quite  different,  as 
the  organization  seeks  sustainability,  growth  of 
professional  development  programs,  and  extension  of 
technology  into  the  mostly  rural  communities.  "Culturally, 
we  are  brought  up  to  return  to  and  give  to  our 
communities,"  Gomez  says.  "That  makes  it  difficult  for 
those  in  science  and  engineering  professions." 
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Difference  wal*mart 


Stores,  Inc. 


We’re  Looking  for  the  Future  Leaders  of  Tomorrow 


Wal-Mart  Stores,  Inc.  has  been  recognized  by  Fortune 
Magazine  as  the  most  admired  company  in  the  world. 
As  our  company  continues  to  expand,  so  does  the 
opportunity  for  first-class,  talented  people  to  guide 
the  future  of  one  of  the  most  successful  and 
innovative  growth  companies  in  the  world. 

Put  your  career  on  a  fast  climb  and  help  us  continue  to 
set  the  industry  standard  in  infonnation  technology. 

•  UNIX  -  C,  C++,  Administration,  Engineering, 
Informix  DBAs 

•  NT  Workstation  -  VB,VC++,  Java,  ASP,  XML 

•  IBM  Mainframe  -  COBOL,  C1CS,  DB2  and 
IMS  DBAs 

•  Networking  -  Ethernet,  VSAT,  Frame 
Relay,  ATM 

•  Telecommunications 

All  positions  are  located  in  Bentonville,  AR. 


Ready  to  do  it  all?  Candidates  interested  in  joining 
our  team  should  forward  a  resume  to: 

Wal-Mart  Information  Systems  Division 
Attn:  Recruiting  Department 
805  Moberly  Lane  M41 
Bentonville,  AR  72716-0560 
E-mail:  ISDADS@wal-mart.com 

For  more  information,  visit  our  Web  site  at: 
www.walmartstores.com 


WaMWart  Is  An  Equal  Opportunity  Emptoyw.  M/F/D/V 
'2000  Wal-Mart  Stores,  tnc. 


QA  ANALYST 

Dvlps  &  implmnts  bus.  &  QA 
processes  for  IT  consulting  pro-' 
jects.  Specific  duties  inch  (i) 
dvlpng  &  executing  QA  test 
plans  &  cases;  (ii)  conducting 
Load  &  Automated  Testing  utiliz¬ 
ing  automated  testing  tools  as 
well  as  manual  testing  proce¬ 
dures;  (iii)  conducting  automat¬ 
ed  &  manual  GUI,  Integration, 
Cross-platform  &  Data  testing; 
(iv)  analyzing  test  results  &  coor¬ 
dinating  with  dvlprs  to  debug 
failed  applns;  &  (v)  maintaining 
&  supporting  bus.  processes  of 
software  applns.  Bach,  degree 
in  Bus.,  Comp.  Sci.,  Info.  Sys.  or 
Engnrg  +  2  yrs  exp.  in  position 
offered  or  as  a  Bus.  Analyst, 
Prog.  Analyst  or  Software  Engnr 
reqd.  Exp.  must  include:  (1) 
Automated  testing  tools  includ¬ 
ing  WinRunner  &  Test  Director; 
(2)  Load  Runner,  &  (3)  SQL. 
High  mobility  preferred.  40 
hrs/wk,  8am  -  5pm,  $66,730/yr. 
Qualified  applicants  please  sub¬ 
mit  resume  to:  Mon  Valley 
Regional  CareerLink,  Attn:  Actg. 
CL  Program  Supervisor,  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora,  PA  15033. 
Please  refer  to  Job  Order  No. 
WEB  384076. 


Network  Programmer  Analyst. 
Provide  programming  &  other 
support  for  computer  networks. 
Bachelor  degree  in  CS,  Eng'g, 
or  similar  field  req’d,  as  is  6  mos 
exp  in  job  offd  or  a  network 
operations  position.  Prior  exp 
must  include  exp  w /  Abilene 
network  &  Simple  Network 
Management  Protocol  &  exp 
supporting  Global  Research 
Network  Operations.  Contact  D. 
Allmayer,  HR  Officer.  Job 
#2630.02,  Indiana  University. 
UITS,  2711  E.  10th  St, 
Bloomington,  IN  47408. 
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Compuware 

At  Compuware,  you  can  put 
your  IT  experience  to  work  while 
constantly  developing  new  skills. 
We  currently  have  the  following 
nationwide  opportunities: 

•  Business  Analysts 

•  Database  Administrators 

•  Network  Administrators 

•  Product  Sales 

•  Product  Management/Support 

•  Programmers/Analysts 

•  Project  Managers 

•  QA  Analysts 

•  Software  Developers/ 
Engineers 

•  System  Engineers 

•  Technical  Writers 
.  Web  Developers 

www.compuware.com/careers 
Be  sure  to  indicate  the  specific 
title  and  location  you  are  apply¬ 
ing  for  on  your  application  letter. 
Send  your  resume,  referring  to 
ad  #ITC011904,  to:  Compuware 
Corporation,  Attention:  Recrui¬ 
ting  Dept.  31440  Northwestern 
Hwy.,  Farmington  Hills.  Ml 
48334.  E-mail: 
ads@compuware.com.  EOE 


Computer 

Arise  Consulting  LLC  is  hiring 
International  Recruiter 

SResource  Coordinator,  require 
[minimum  of  a  four-year 
Bachelor's  degree  &  5  yrs 
exp.service  engineering,  4  yrs 
software  Inti,  recruiting  &  project 
resource  coordination  skills  at 
our  office  in  Glen  Ellyn.  IL.  Send 
resumes  to  799  Roosevelt 
Rd.Bldg  4,  Ste008,  Glen  Ellyn, 
IL60137  or  email  to: 
resume@ariseconsulting.com 


is  the  place  where 
your  fellow  readers 


are  getting  a  jump  on 
even  more  of  the 
world's  best  jobs. 


Now  combined  with 
CareerJournal.com, 
you  have  more  jobs 
to  choose  from. 


Stop  in  for  a  visit 
and 

see  for  yourself  at: 


www.itcareers.com 


Software  Engineer  req.  by 
Software  Dev.  Corp.  Duties: 
Need  to  perform  major  enhance¬ 
ments  to  the  current  COBOL/ 
CICS/SUPRA  based  mainframe 
application  and  to  implement 
this  application  at  various  client 
sites  using  MVS,  JCL,  VSAM, 
DB2,  SUPRA  and  MQ  series. 
Implementation  includes  devel¬ 
oping  new  programs  to  satisfy 
the  needs  of  the  other  divisions 
and  to  interface  with  Oracle 
applications  using  MQ  series, 
and  between  hardware  and 
Software.  Job  to  be  performed  in 
Chantilly,  VA  and  various  other 
unanticipated  client  sites  in  the 
U.S,  as  assigned.  Req:  A 
Masters  Degree,  in  either  Math, 
or  Sci.,  or  Comp.  Sci.  or  Engg, 
or  equiv,  and  1  yr  exp,  in  the  job 
offered  or  related  occupation,  40 
hrs/wk,  8:00AM-5:00PM,  Mon- 
Fri.  Apply  with  resume  to 
President,  Chamanti  Corp., 
4477  Shady  Point  Place, 
Chantilly,  VA29151. 


Software  Dev.  Co.  req.  Software 
Eng.  w/MS  &  lyr.  Exp.  &  Prog. 
Analyst  w/BS  &  24  mos.  Exp.  in 
foil:  Visual  Basic,  Oracle, 
PowerBuilder,  Sybase,  Java, 
Unix,  C++,  AS/400,  SQL  Serv., 
Synon,  Cobol,  Lotus  Notes, 
SAP,  Java  Script,  HTML,  DB2, 
Corba,  CICS,  ILE,  RPG,  EJB, 
Siebel,  JD  Edwards,  WebLogic, 
Rational  Rose.  Equiv.  Deg.  & 
exp  also  accepted.  40  hrs/wk 
9:00AM  to  5:00PM. ,  Mon-Fri. 
Travel  &  relocation  req.  to  vari¬ 
ous  unanticipated  client  sites  in 
the  U.S.  Send  res.  to  Attn: 
Recruiter:  Allied  Informatics,  Inc, 
9111  Cross  Park  Dr.,  Ste.  D-200, 
Knoxville,  TN  37923. 


SYSTEMS  ENGINEER 
Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Associate  Quality 
Assurance  Engineer  for  Atlanta, 
GA  location.  Must  have  a 
Bachelor's  degree  or  foreign 
degree  equivalent  in 
Engineering  or  related  field  plus 
2  years  of  experience  in  the 
position  offered  or  2  years  of 
experience  as  a  Software 
Engineer.  Salary  and  benefits 
commensurate  with  experience. 
Send  resume  to:  Sheri 

Mattison,  Employment  Manager, 
Witness  Systems,  Inc.  300 
Colonial  Center  Parkway, 
Roswell,  GA  30076. 


Software  Engineer  (with 
Bachelors  degree  and  3  years 
experience  or  Associates 
Degree  and  5  years  of  experi¬ 
ence)  -  Columbus,  OH.  Job 
entails  and  requires  experience 
in  Installation  and  implementa¬ 
tion  of  Oracle  Applications  (GL, 
AP,  Fixed  Assets  and  Project 
Costing),  and  experience  in  the 
design  and  development  of 
commercial  applications  using 
PL/SQL,  Shell  Scripts,  Unix  and 
NT.  Relocation  within  USA 
Possible.  Attractive  compensa¬ 
tion  package.  Send  resume  to 
Priya  Venkat,  Technology 
Software  Inc.,  1515  Bethel  Rd„ 
Suite  304,  Columbus,  OH 
43220. 


Systems  Management  Design 
Engineer:  wanted  by  a  telecom¬ 
munications  corporation  located 
in  Miami,  FL.  Applicants  must 
have  a  Bachelors  degree  in 
industrial  engineering  or  man¬ 
agement  information  systems  or 
related  engineering  field  or  for¬ 
eign  academic  degree  equiva¬ 
lency  and  must  have  2yrs.  of 
experience  in  the  job  duties. 
Mail  resumes  only  to  5225  NW 
87th  Avenue  #100,  Miami,  FL 
33178,  Attention:  Freddy  Sidi. 


Principal  Software  Engineer  to 
serve  as  snr  level  technical  con¬ 
tributor  to  team  in  development 
&  architecture  of  wireless  trad¬ 
ing  applications.  Will  use  Java. 
WML,  HDML  &  XHTML  lan¬ 
guages  to  further  enhance  wire¬ 
less  trading  application  &  plat¬ 
form  across  all  networks  and 
devices:  develop  a  web-based 
Stock  Plan  Services  resource 
center  in  Java  &  Websphere 
platform:  work  on  multiple  pro¬ 
jects  concurrently  and  develop 
on  multiple  platforms;  provide 
technical  leadership/training  to 
jnr  team  members;  perform 
independent  technical  analysis 
on  complex  wireless  develop¬ 
ment  projects;  perform  code  & 
unit  testing  for  complex  scope 
modules  &  projects;  and  will  be 
responsible  for  directing  &  mon¬ 
itoring  the  work  of  team  mem¬ 
bers  for  project  completion/user 
satisfaction.  Requires  BSc  or 
equiv  in  Computer  Science, 
Eng,  Math  or  Physics  plus  3  yrs 
in  job  offered  OR  3  yrs  exper 
developing  web  or  wireless 
applications.  Alternatively,  MSc. 
or  equiv  in  CS,  Eng,  Math,  or 
Physics  plus  1  yr  in  job  offered 
OR  1  yr  exper  developing  web 
or  wireless  applications.  Candi¬ 
date  must  also  possess  demon¬ 
strated  expertise  developing 
wireless  real-time  applications  in 
JAVA,  WML,  HDML,  and 
XHTML;  demonstrated  expertise 
architecting  wireless  financial 
trading  applications  including 
phones,  PDAs  &  pagers  and 
demonstrated  expertise  devel¬ 
oping  web  applications  in  Oracle 
database  environment.  Sal: 
$76,588/yr,  M-F,  9A-5P.  Send  2 
resumes  to  Case  #200203271, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  fl,  Boston,  MA 
02114.  EOE.  Applicants  must  be 
U.S.  workers  eligible  to  accept 
full-time  employment  in  U.S. 


J£  Matadi  is  a  leading  fashion 
firm  with  over  3000  customers  in 
North  America.  Our  company 
currently  has  opening  for  the  fol¬ 
lowing: 

Systems  Analyst:  Design,  devel¬ 
op,  implement  and  support 
client-server  &  Internet  based 
programs  for  ERP  packages, 
asset  management,  sales  force 
automation  and  E-commerce. 
Integrate  Technologies  in  core 
SAP  R/3  includes.  Electronic 
Data  Interchange,  Workflow, 
Business  Connector  and  Web 
Application  Server;  Oracle  8i, 
NET  and  Visio,  Biztalk, 
Business  Objects,  web  intelli¬ 
gence,  Erwin,  Office  Master 
system  and  UNIX.  Requires 
Bachelor's  degree  in  Computer 
Science  or  Engineering  and  2 
years  of  experience. 

Send  resume  to:  Attn:  Recruiter, 
JE  Matadi  Dress  Co,  Inc.,  11400 
S  Sam  Houston  Pkwy  W, 
Houston,  TX  77031,  or  email  to: 
careers@jematadi.com 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Senior  Scientific  Pro¬ 
grammer.  Design  and  develop 
scientific  programming  applica¬ 
tions  using  logical  and  mathe¬ 
matical  solutions  in  support  of 
operations  research.  Require¬ 
ments:  Bachelor's  degree  or 
equivalent*  in  computer  science, 
operations  research,  engineer¬ 
ing  or  related  field,  plus  2  years 
of  experience  in  programming  in 
a  scientific  environment.  Edu¬ 
cation  must  have  included 
coursework  in  operations  re¬ 
search,  management  science  or 
related  field.  Education  and/  or 
experience  with  development  of: 
relational  databases  in  MySQL; 
web  applications  using  Peri/CGI; 
and  object-oriented  applications 
using  Visual  C++  with  STL  also 
required.  "Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Michael 
Umlauf,  Federal  Express 
Corporation,  3680  Hacks  Cross 
Road.  H-2220,  Memphis,  TN 
38125.  EOE  M/F/DA/. 


Computer  Professionals 

IT  Co.  in  New  Castle,  DE  has 
multiple  opening  for  S/ware/ 
Systms  Enggs/Prog  Anlysts 
w/foll  skill  sets  in 
Windows/UNIX: 

1.  Java  Technologies  (EJB, 
J2EE,  BEA  Weblogic,  JSP. 
Applet,  Servlets,  JDBC  etc.); 
Oracle/SQL  databases  (Job 
Code  #  EE03) 

2.  J2EE,  Web  Services, 
Wireless  technologies,  Palm, 
Multimedia,  Dreamweaver, 
Flash,  Photoshop,  Illustrator, 
Oracle  (Job  Code  JJ03) 

3.  DHTML,  JavaScript,  ASP. 
JSP,  PHP,  CSS,  Cool  Edit  Pro, 
Ultradev,  Flash,  Photoshop, 
Pagemaker  (Job  Code  #MM03) 

4.  Delphi,  Power  Builder,  ASP, 
XML,  MS  SQL  Server  (Job  Code 
QQ03) 

5.  Data  Warehousing,  Inform- 
atica,  MicroStrategy,  Brio, 
Oracle,  PL/SQL,  TOAD,  ERWIN, 
Shell  Scripting  (Job  Code  PP03) 

6.  PeopleSoft  8.x  technical  and 
functional  knowledge  (Job  code 
RR03) 

Req  Bach./equiv.  &  1-3  yrs  exp. 
or  training  in  job  duties.  Will 
accept  any  comb  of  edu.  training 
&/or  exp  that  meets  min  reqm- 
nts.  Must  refer  to  Job  Code 
when  applying.  Send  resume  to: 
Insyst  (DE),  Inc.,  42  Read's 
Way,  New  Castle,  DE  19720- 
1649.  Fax:  302-323-8105. 
Email:  jobs@insystus.com. 


Senior  Hardware  Engineer  will 
perform  board  design  and  verifi¬ 
cation.  Will  develop  test  plan  to 
verify  the  formality  and  integrity 
of  a  complex  optical-electrical 
10G  bit  processing  card.  Will 
write  hardware-based  Verilog/ 
C++  to  implement  a  fully  auto¬ 
mated  verification  procedure  to 
test  the  functionality  and  con¬ 
nectivity  of  the  board.  Will  use 
tools  to  set  up  a  robust  simula¬ 
tion  environment  to  execute  the 
test  plan.  Will  develop  generic 
methodologies  for  optical-elec¬ 
trical  system  design  verification. 
Requires  Master  of  Science  or 
equivalent  in  Electrical  Engin¬ 
eering,  or  Computer  Engineer¬ 
ing  and  five  (5)  years  experience 
in  job  offered  OR  five  (5)  years 
experience  in  FPGA  and  board 
design  and  verification  in  the 
telecommunication  industry.  OR, 
in  the  alternative,  Ph.D.  or  equi¬ 
valent  in  Electrical  Engineering 
or  Computer  Engineering  and 
three  (3)  years  experience  in  job 
offered  OR  three  (3)  years  expe¬ 
rience  in  FPGA  and  board 
design  and  verification  in  the 
telecommunication  industry. 
Candidate  must  also  possess 
demonstrated  expertise  in  de¬ 
sign  tools  including  Synopsis, 
VCS  and  Design  Compiler;  and 
demonstrated  expertise  in  trans- 
actor-based  verification  technol¬ 
ogy  including  Verilog,  PERL  and 
C++.  Salary:  $96,866/yr,  M-F, 
9AM-5PM.  Send  2  resumes  to 
Case  #200202948,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  ft.,  Boston,  MA  02114. 
EOE.  Applicants  must  be  work¬ 
ers  eligible  to  accept  full-time 
employment  in  U.S. 


Sr.  Programmer  Analyst/ 
Software  Engineers  need¬ 
ed.  Seeking  candidates 
possessing  MS/BS  or 
equivalent  and/or  relevant 
work  experience.  Part  of  the 
req.  rel.  exp.  must  include  2 
years  working  with  Visual 
C++,  Visual  Basic,  Oracle 
and  SQL  Server.  Mail 
resume,  references  and 
salary  requirements  to: 
Global  Cynex  Inc.,  501 
Silver  Side  Road,  #98, 
Wilmington,  DE  19809. 


We  have  openings  for  the  fol¬ 
lowing  positions  to  work  at  the 
client  site  throughout  the  United 
States.  Send  resumes  to:  Webi- 
lent  Technology  Inc.,  259  A  Main 
St,  Suite#5  Nashua,  NH  03060. 

Java  Programmer  Analyst:  De¬ 
sign  and  develop  software  appli¬ 
cations  using  Java,  JDBC.  J2EE 
Websphere,  Tomcat  and  XML. 
Perform  object-oriented  method¬ 
ologies  and  problem  diagnosis. 

Websphere  Architect:  Web¬ 
sphere  Server  administration 
with  experience  in  multi  tier  pro¬ 
duction  environment  using  VAN¬ 
TAGE-ONE,  U0B,  Java,  JDBC, 
JFC  Swing,  Websphere  and 
XML.  Responsible  for  mainten¬ 
ance  and  support  of  Websphere 
server  infrastructure. 

Visual  Basic  Programmer  Ana¬ 
lyst:  Design,  develop  and  test 
software  applications  using  SQL 
Server,  VB,  ASP,  NET  and  Cry¬ 
stal  Reports.  Involved  in  trouble 
shooting,  query  optimization, 
testing  and  production  support 

Mainframe  Programmer  Analyst: 
Analyzing  the  business  needs, 
writing  the  technical  specifica¬ 
tions  and  testing  the  application 
using  Cobol,  DB2,  CICS,  File- 
Aid  and  MVS/ESA.  Must  be  able 
to  Performance  Tune,  Trouble¬ 
shoot  and  production  support. 

Oracle  Software  Engineer:  De¬ 
sign,  develop  and  customize 
application  software  using  Ora¬ 
cle  tools.  Develop  and  imple¬ 
ment  strategies  while  keeping 
the  application  understandable. 
Sol-ving  system  issues  and  per¬ 
formance  tuning. 

Network  services  and  infrastruc¬ 
ture  analyst:  Design,  manage, 
LAN/WAN  infrastructure.  Experi¬ 
ence  in  Telematics,  Nortel,  Cisco 
switches  and  routers,  X.25, 
Framerelay,  VSATs,  T1/64k  cir¬ 
cuits,  Sniffers,  Unix,  NT  to  2000 
migration,  AD,  Citrix  XP,  ISA, 
Exchange  2000  migration, 
LANDesk. 

UNIX  Systems  Engineer:  This 
position  involves  the  analysis 
and  proposal  of  system  hard¬ 
ware,  software,  and  system 
solutions  for  centralized  HP-UX, 
AIX  and  NT  enterprise-class 
computing  platforms,  running 
SAP  applications  in  an  Oracle 
environment. 

DB2  Database  Administrator: 
Install  and  maintain  IBM  DB2  on 
ZJOSI  systems,  Configure,  im¬ 
plement  and  maintain  DB2 
Subsystems  and  Databases. 
Establish  database  security  pro¬ 
cedures  for  DB2  systems.  Mon¬ 
itor  and  tune  performance  of 
DB2  Databases. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis/Collierville,  TN:  Senior  Tech¬ 
nical  Analyst  Research,  evalu¬ 
ate,  implement  and  coordinate 
changes  to  large,  complex  com¬ 
puter  systems/applications.  Re¬ 
quirements:  Bachelor's  degree" 
in  computer  science,  math,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  sys¬ 
tems/applications  development, 
including  programming.  Experi¬ 
ence  with  C  and/or  C++,  Java 
and  Unix  also  required.  "Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Submit  resumes  to  Sibi 
George,  FedEx  Corporate  Serv¬ 
ices,  1900  Summit  Tower  Blvd., 
Suite  1400,  Orlando,  FL  32810. 
EOE  M/F/D/V. 


Systems  Analyst  (with  Masters 
degree  and  1  year  experience  or 
Bachelors  with  6years  experi¬ 
ence)  -Williamsport,  PA.  Job 
entails  and  requires  experience 
in  design,  development  and 
implementation  of  applications 
using  Oracle,  SQL  Server,  VB, 
C,  VC++,  ASP/IIS  server, 
COM/DCOM  and  ADO. 
Relocation  within  USA  possible. 
Attractive  compensation  pack¬ 
age.  Send  resume  to  Supriya 
Palayekar,  Palayekar  Comp¬ 
anies,  Inc.,  1959  East  Third 
Street.  Williamsport,  PA  1 7701 . 
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Tech.  Arch,  to  develop  software 
arch,  with  AOP  for  company 
products  including  'Symphony'; 
lead  developers,  tech,  leads,  & 
biz.  analysts  to  deliver/  deploy 
software;  formulate  appln. 
comm,  framework  (JMS/WS), 
XPDL  engine,  biz.  Intell.  frame¬ 
work,  biz.  Model  framework 
(MDA/BPEL),  CDA,  and  Struts 
Ul  Framework.  Inputs  into  PM  & 
biz  analysis  to  streamline  arch. 
&  meet  client  reqs.,  look  at  new 
tech.  &  integrate  tech,  to  compa¬ 
ny  products:  design  in-house 
products  using  J2EE.  JMS.  Java 
Web  Services.  XML  Tech,  as 
XSL,  XSLT,  JAXB  and  XPATH, 
Java  Security  API,  JDBC,  JNDI. 
MS  in  CS  or  Electrical  Eng.  (or 
eq.)  +  2  yr.  program  exp.  In  Java 
and  OOAD  Comp,  salary. 
Apply:  Core  Concept  1050 
Crown  Pointe  Parkway,  #1405, 
Atlanta,  GA  30338  with  proof  of 
perm.  Work  auth. 

SENIOR  SYSTEMS 
INTEGRATION  ENGINEER 
Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Senior  Systems 
Integration  Engineer  for 

Bloomington,  IL  location.  Must 
have  a  Bachelor's  degree  or  for¬ 
eign  degree  equivalent  in 
Electrical  Engineering,  Comp¬ 
uter  Engineering,  or  related  field 
plus  2  years  of  experience  in  the 
position  offered  or  2  years  of 
experience  in  operating  systems 
administration,  database  admin¬ 
istration,  and  programming. 
Salary  and  benefits  commensu¬ 
rate  with  experience.  Send 
resume  to:  Sheri  Mattison, 
Employment  Manager,  Witness 
Systems,  Inc.  300  Colonial 
Center  Parkway,  Roswell,  GA 
30076. 

Programmer  Analyst  needed  for 
IT  consulting  firm  in  Burlington, 
VT.  Job  duties:  Analyze,  devel¬ 
op,  test  and  document  client/ 
server  and  web-based  computer 
applications  for  clients  through¬ 
out  the  eastern  U.S.  Evaluate 
user  requests  for  new/modified 
programs.  Use  Oracle,  JAVA,  In¬ 
terwoven  to  perform  tasks.  Work 
as  part  of  a  team  under  direct 
supervision.  Applicant  must 
have  B.S.  degree  in  Computer 
Science,  Business,  Mathematics 
or  Engineering.  Applicant  must 
also  have  2  yrs.  exp.  in  the  job 
duties  described  above  or  in  any 
computer  related  occupation 
which  includes  the  skills  listed 
above.  40hrs/wk,  9:00  am-5:00 
pm,  Mon-Fri,  $52,936/yr.  Send 
resume  &  cover  letter  to: 
Vermont  Dept,  of  Employment  & 
Training,  Job  No.  612548,  P.O. 
Box  488,  Montpelier,  VT  05601- 
0488. 

Seeking  qualified  applicants 
for  the  following  positions  in 
Collierville  TN:  Senior  Bus- 
iness  ADDlication  Analvst.  Act 

as  liaison  between  technical 
developers  and  users/custom¬ 
ers.  Requirements:  Bachelor’s 
degree  or  equivalent*  in  com¬ 
puter  science,  business,  math, 
statistics  or  related  field  plus  5 
years  of  experience  in  analyz¬ 
ing  business  systems  and  de¬ 
veloping  technical  automated 
solutions.  Experience  with 
Java  or  C++;  development  of 
n-tiered  object-oriented  appli¬ 
cations;  and  either  Cobol,  DB2 
or  CICS  also  required.  "Mas¬ 
ter's  degree  in  appropriate 
field  will  offset  2  years  of  gen¬ 
eral  experience.  Submit  res¬ 
umes  to  Sibi  George,  FedEx 
Corporate  Services,  1900 
Summit  Tower  Blvd.,  Suite 
1400,  Orlando,  FL  32810. 
EOE  M/F/D/V. 

Database  Administrator  - 
Coudersport,  PA.  Prepare/ 
maint.  physical  &  logical  dsgn 
of  Oracle  db  structure.  BS  in 
Comp.  Sci./Engrg,  MIS  or 
Electr.  Engrg  (or  equiv.  of 
Assoc,  deg.  in  same  fields  + 
4  yrs  exp.  as  DBA  or  Comp. 
Professional)  +  3  yrs  exp.  in 
same  occupations  rqd.  Must 
have  exp.  w/Oracle,  Sybase 
&  Unix.  Send  resume  to: 
Eileen  Donahue,  Dir.  of 
Recruiting,  TelCove,  712  N. 
Main  St.,  Coudersport,  PA 
16915. 

Database  Administrator  w/exp  to 
install,  upgrade  &  maintain  DB2 
&  Informix  database  under 

Solaris,  AIX,  Linux/Win.  Provide 
database  monitoring  &  reporting 
using  Tivolitools-DM,  ITM,  ITMD 
&  TEC.  Perform  installation  & 
configuration  of  backup  &  recov¬ 
ery  processes  for  RDBMS  using 
Tivoli  Storage  Manager.  Perform 
capacity  for  planning  for  enter¬ 
prise  databases  using  (TEDW). 
Send  resumes  to:  Virpie,  Inc. 
925  Oronoke  Road,  Suite  24-D, 
Waterbury,  CT06708 

Programmer-Analyst  to  dvlp 
s/ware  using  C#,  VB.Net, 
ASP.Net.  VB,  Crystal  Enterprise, 
Web  Services,  XML,  XPATH, 
XSLT,  SOAP,  Remoting,  Oracle 
Forms  &  Reports,  SQL’Net, 
SQL’Menu,  Oracle  app  server, 
WebDb,  MTS,  COM,  COM+, 
DCOM,  ActiveX,  IIS,  ASP,  Java¬ 
script,  DHTML,  VBScript,  MS 
Access, SSL  on  Win  &  Unix  OS. 
DB  dev  with  Oracle  &  SQL  Ser¬ 
ver.  Data  access  using  ODBC, 
RDO,  DAO,  ADO  &  ADO. Net. 
Perform  DBA  &  data  loading 
activities  in  Oracle  &  SQL 
Server.  Use  CASE  tools  such  as 
Visio  &  ERWIN.  Send  resume 
to:  American  Valet  Svc,  Attn:  M. 
Petruzzelli,  23  Pineridge  St, 
Melville.  NY  11747. 

Programmer  Analyst  wanted  by 

Culinary  Arts  College  in  Hyde 

Park,  NY  to  plan,  dvlp,  test  & 

administer  comp  prgms  using 

VB,  COBOL  &  Oracle  PL/SQL. 

Determine  systm  performance 

reqmts  &  architecture.  Must 

have  Bach  in  Comp  Sci,  Math  or 

closely  related  &  2  yrs  exp. 

Respond  to  HR  Dept.,  The 

Culinary  Institute  of  America, 

1946  Campus  Drive,  Hyde  Park, 

NY,  12538-1499. 

System/Programmer  Analysts, 
Software/Project  Engineers  or 
other  IT  professionals  wanted  by 
Imetris.  an  e-business  solutions 
provider.  MS/BS  (or  equiv) 
required.  Skills  in  Oracle,  SQL, 
Java,  SAP,  PeopleSoft,  ERP 
tools  preferred.  Competitive 
wages  Please  contact  infoiS) 
imetris.com.  EOE. 

Advansoft  (dba  Soft  O  Soft)  is 
looking  for  program  or  system 
analysts,  Project/IT  engineers. 
Candidate  must  have  BS  or 
equivalent.  Exp.  in  IT  area  such 
as  Oracle,  Java,  VB,  C/C++, 
DB2,  WebSphere/Weblogic  etc 
is  plus  Some  positions  may 
require  travel.  info@advansoft 
com.  EOE. 

SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco, 
CA,  Warren,  NJ,  Salt  Lake  City, 
UT  and  Portland,  OR:  Art 
Director,  Web  Designer, 
Programmer  Analysts,  Technical 
Architects,  Technical  Consul¬ 
tants,  Business  Strategists, 
Systems  Analysts,  Software 
Engineers,  Software  Deve¬ 
lopers,  SAP  Consultant, 
resumes  by  email  or  fax  only  to 
HR,  SBI  2825  East  Cottonwood 
Parkway,  Suite  480,  Salt  Lake 
City,  UT  84121: 

careers@sbiandcompany.com; 
Fax  (801)  733-3201. 

Euro  Solutions  Group  dba 
e:Solutions  Group  seeks  Senior 
Software  Engineer  for  our 
Shelton,  CT  loc.  Assess  busi¬ 
ness  flows,  analyze,  set-up  + 
support  Oracle  Applications 
Modules  for  local  +  multi-nation¬ 
al  enterprises.  Plan,  dev  +  per¬ 
form  user  training.  Project  lead 
+  maintain  Apps  throughout  pro¬ 
ject  life-cycle.  Re-engineer 
processes  +  remove  redundant 
activities,  reduce  tech,  risk, 
improve  stability  and  data 
integrity,  expand  systems  flexi¬ 
bility  +  leverage  built-in  integra¬ 
tion  of  Apps.  Work  with  Global 
Accounting  Engine,  Global 
Intercompany  System,  Multiple 
Reporting  Currencies,  + 
Workflow.  Must  have  BS  in 
Computer  related  field  +  5  yrs 
relevant  exp.  Resume  to 
evolutions  Group,  H  R.  Dept, 
13010  Morris  Road,  6th  Floor, 
Alpharetta,  GA  30004. 


Programmer  Analyst  needed  for 
IT  consulting  firm  in  Burlington, 
VT.  Job  duties:  Analyze,  devel¬ 
op,  test  and  document  client/ 
server  based  computer  applica¬ 
tions  for  clients  throughout  the 
U.S.  Evaluate  user  requests  for 
new/modified  programs.  Use 
Oracle,  JAVA,  ATG  Interwoven 
to  perform  tasks.  Work  as  part  of 
a  team  under  direct  supervision. 
Applicant  must  have  B.S.  de¬ 
gree  in  Computer  Science,  Bus¬ 
iness,  Mathematics  or  Engineer¬ 
ing.  Applicant  must  also  have  2 
yrs.  exp.  in  the  job  duties 
described  above  or  in  any  com¬ 
puter  related  occupation  which 
includes  the  skills  listed  above. 
40hrs/wk,  9:00  am-5:00  pm, 
Mon-Fri,  $52,936/yr.  Send  res¬ 
ume  &  cover  letter  to:  Vermont 
Dept,  of  Employment  &  Training, 
Job  No.  612515,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


Software  Engineers  & 
Programmers:  (1)  Analyze, 
design,  develop,  implement,  test 
&  support  software  specialized 
apps.  in  Client  -  Server  &  AS400 
[J2EE  &  related  tech.,  Rational 
Rose,  RMI,  CORBA,  Iona  Orbix, 
Weblogic  Server,  XSL,  Oracle  & 
related  tools,  CL  400,  RPG  400, 
DB2  400],  (2)  Analyze,  design, 
develop,  test  &  support  middle¬ 
ware  &  front  end  web  based  and 
back  end  apps.  in  J2EE  &  relat¬ 
ed  tech.,  C++,  Weblogic,  IIS, 
Iplanet,  NetScape  Enterprise  & 
Borland  Apps.  Servers.  Send 
Resume  to  attn:  HR,  3761 
Venture  Dr.,  Bldg.  100,  Suite 
240,  Duluth,  GA  30096. 


SYSTEMS  ENGINEER 
Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Systems  Engineer  for 
Bloomington,  IL  location.  Must 
have  a  Bachelor's  degree  or  for¬ 
eign  degree  equivalent  in 
Electrical  Engineering,  Computer 
Engineering,  or  related  field  plus 
2  years  of  experience  in  the  posi¬ 
tion  offered  or  2  years  of  experi¬ 
ence  in  operating  systems  admin¬ 
istration,  database  administra¬ 
tion,  and  programming.  Salary 
and  benefits  commensurate  with 
experience.  Send  resume  to: 
Sheri  Mattison,  Employment 
Manager,  Witness  Systems,  Inc. 
300  Colonial  Center  Parkway, 
Roswell,  GA  30076. 


Software  Engineers:  Anal¬ 
yze,  design,  develop  & 
deploy  apps.  in  SAP  R/3 
Modules  (MM,  SD,  WM,  PP, 
PM,  FICO  &  HR)  and  relat¬ 
ed  technologies  (ABAP/4, 
ALE,  EDI,  IDOCS,  ITS), 
SAP  BW,  Oracle,  SQL 
Server  and  Visual  Basic. 
Send  resume  to  HR, 
InfoWeb  Systems,  Inc., 
3435  Asbury  Road,  Suite 
175,  Dubuque,  IA  52002. 
EOE. 
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A  Call 
To  Action! 

Take  the  hassle  out  of 
searching  for  the  right 
candidate  and  contact  us 
at  (800)  762-2977. 

We  can  place  your 
message  in  front  of  2/3  of 
all  US  IT  professionals. 

Call  (800)  762-2977 
www.itcareers.com 


Programmers,  Software 

Engineers  &  DBAs:  (a)  Design, 
develop,  upgrade  &  maintain 
complex  database  in  Sybase, 
SQL  Server,  Oracle,  Sybase 
Rep  Server,  SQL  Server  2000, 
Oracle  9i,  Oracle  &  SQL  Server 
Enterprise  Manager,  ErWin, 
ANSI  SQL,  TSQL  &  other  rel. 
tech.;  (b)  Analyze,  design, 
develop  &  maintain  specialized 
software  apps.  in  Oracle 
Financial  Services  Applications 
Suite  including  Oracle 
Discoverer,  Financial  Analyzer, 
Sales  Analyzer,  Express  Server 
(OLAP)  &  Warehouse  Builder, 
AIM,  Cobol,  Dbase,  FoxBase  & 
other  rel.  tech.  Prevailing 
wage/benefits.  Send  resume  to 
Attn:  HR,  3651  Peachtree 
Pkwy.,  Suite  E370,  Suwanee, 
GA  30024.  EOE. 


DBAs:  Design,  develop, 
upgrade,  maintain  and 
administrator  complex  data¬ 
bases  in  Oracle,  Oracle 
Apps.,  MS  SQL  Server, 
Oracle  8i,  Sun  Enterprise 
and  related  technologies  on 
various  OS  -  Linux,  Sun 
Solaris,  IBM  AIX,  etc. 
Prevailing  wage/benefits. 
Send  resume  to  Attn:  HR, 
295  Henley  Place,  Duluth, 
GA  30097.  EOE. 


Senior  Programming  Analyst-40 
hrs/wk  9-5,  Comp.  Salary 
Offered,  in  Weston,  FL,  Req. 
Bachelor's  Degree  or  Equivalent 
in  Computer  Information 
Systems  +  1  yr.  exp.  in  job 
offered-Analyzing  the  computer 
system  requirements  &  conduct¬ 
ing  designing,  coding  &  imple¬ 
mentation  of  technical  solutions 
to  fulfill  requirements;  creating  & 
maintaining  Visual  Basic,  SQL, 
Access  and  web  based  applica¬ 
tions,  etc.  Send  resume  to  Bill 
Anderson,  CHCS  Services,  Inc., 
3050  Universal  Blvd.,  #150, 
Weston,  FL  33331. 


Software  Engineer  want¬ 
ed  to  design,  develop, 
modify  and  maintain  e- 
procurement  solutions, 
and  perform  related  dut¬ 
ies.  Master  in  Computer 
Science  and  related  ex¬ 
perience  required.  Send 
resume  to  ICS,  349  Lafe 
Cox  Drive,  P.O.  Box 
3298,  Johnson  City,  TN 
37602. 


Senior  Mechanical  Engineer: 
Design,  implement  and  develop 
the  mechanical  aspects  of  ser- 
vowriters.  Use  thorough  under¬ 
standing  of  hard  disk  drive 
mechanics  and  environmental 
system  interactions  during  servo 
track  writing  production  process. 
Work  closely  with  development 
group  to  translate  Server 
Product  Group  servowriter 
essentials  into  design  (this 
requirement  is  specific  to  this 
position  because  the  core  tech¬ 
nology  division  is  located  in 
Longmont,  Colorado).  Technical 
information  must  be  communi¬ 
cated  efficiently  with  a  thorough 
and  clear  understanding. 
Design  electromechanical  com¬ 
ponents  for  precision  mecha¬ 
nisms.  Use  PRO/E  CAD  sys¬ 
tem,  Pro/PDM  file  management 
and  geometric  tolerancing. 
Work  cross-functionally  with 
other  groups  such  as  electrical, 
servo,  and  reliability,  as  well  as 
the  servowriter  development 
group.  Requirements  include  a 
Master's  degree  or  equivalent  in 
Mechanical  Engineering,  Elec¬ 
trical  Engineering  or  closely 
related  field  and  four  years  of 
work  experience  with  hard  disk 
drive  servowriters,  including  pre¬ 
cision  mechanism  design  and 
hard  disk  drive  instrumentation. 
Requires  approximately  5% 
domestic  travel.  Applicants 
must  have  unrestricted  autho¬ 
rization  to  work  in  the  United 
States.  Salary  $65, 000/year.  40 
hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203493,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FL, 
Boston,  MA02114. 


Network  Support  Analyst  I: 
Entry-level  position  to  provide 
technical  assistance  for  LAN  & 
WAN  installation  &  implementa¬ 
tion  of  Cisco  products  &  network 
cabling.  No  exp.  and  college 
degree  req.  but  must  demon¬ 
strate  ability  to  perform  job 
through  at  least  either  course 
works  or  certificates  in 
LANA/VAN  &  Cisco  Products.  40 
hr/wk.  Resume  w/transcripts/ 
certificates  to  D.  Greenwood, 
Metro  Brokers,  Inc.  5775-D 
Glenridge  Dr.  Ste  200,  Atlanta, 
GA  30328 


System  Engineer  for 
h/care  s/ware  co  in 
NY,  NY.  Must  have 
bach  degree  any  field 
&  3  yrs  exp.  Send 
resume  to:  CureMD, 
1181  Broadway,  6th 
FI,  NY,  NY  10001. 


Programmer  Analyst 

Job  Type:  Full  Time 
Company  Name:  MAXIL 
Technology  Solutions  Inc. 
Duties:  Analyze,  design,  and 
develop  cross  platform  applica¬ 
tions  in  Enterprise  level  Object 
Oriented  Technologies.  3-4 
years  of  experience  in  Object 
oriented  technologies  on  Java/ 
C++,  JSP  1.2,  Servlets  2.3, 
XML1.0,  and  EJB  1.2.  Should  be 
proficient  with  design  and  devel¬ 
opment  tools  like  TogetherJ, 
Jbuilder  8.0  and  application  ser¬ 
vers  Weblogic  Application  Ser¬ 
ver  8.1  and  websphere.  Also  act 
as  a  Web  server  Admin,  deploy 
and  maintain  applications  on 
Weblogic  Application  Server  8.1 
running  on  Solaris.  Extensive 
experience  in  CRM/Financial/ 
Billing/Telecom  preferred.  Good 
exposure  to  Data  Mapping  tools 
especially  Informatica  Power- 
Center  is  desired.  Proficient 
working  on  Windows  NT  and 
Solaris  operating  Systems  is 
preferred.  A  strong  SQL  skill  with 
Shell  scripting  experience  is  de¬ 
sired.  Excellent  knowledge  of 
Oracle  9i  and  Teradata  V2R5  re¬ 
quired.  Good  financial  industry 
knowledge  especially  protocols 
FIX,  SWIFT  and  knowledge  of 
Mutual  Funds,  Commingled 
Funds,  Fixed  Investment 
Instruments  desired. 

Education  &  Experience:  Bach¬ 
elors/Masters  in  Engineering 
with  3-5  years  of  Industrial 
Experience.  Experience  in  CRM 
applications/financial  industry 
experience  using  C++  (COM+, 
ATL,  STL,  CORBA)  or  Java 
(Swing,  J2EE)  strongly  desired. 
Experience  in  financial  industry 
is  prefered. 

Contact:  resumes@maxil 
technology.com 


SR.  INFO  SYSTEMS  ADMINIS¬ 
TRATOR.  Lead  maintenance, 
installation,  configuration,  & 
monitoring  of  co.  network  infra¬ 
structure  (hardware  &  software), 
internet  data  center  (Exchange 
Server  5.5, Proxy  Server),  prod¬ 
uct  development  (NetObjects 
Fusion  MX),  QA  &  testing, 
DNS/DHCP  servers,  ascend 
pipeline  routers,  &  firewalls; 
ensure  tools  are  identified, 
deployed  &  operational  for  event 
monitoring  &  response  in  pro¬ 
duction  system  environment; 
ensure  remedial  action  is  taken 
to  correct  hardware/software 
exceptions;  develop  procedures 
for,  supervise  &  train  support 
team  of  3  to  serve  as  backups 
for  support  desk;  create  &  ana¬ 
lyze  IT  Disaster  Recovery  Plan 
(Veritas  Backup  7.0);  handle 
end-user  problems/questions  & 
train;  write  reports  for  Inventory 
Control  using  Java  &  VB. 
Requirements:  Bach,  in  Comp. 
Sci.  or  related  field  PLUS  1  yr. 
exp.  in  job  or  1  yr.  as  Info 
Systems  Administrator  using 
Veritas  Backup  7.0,  Microsoft 
Exchange  5.5,  Microsoft  Proxy 
Server,  Net  Objects  Fusion  MX, 
Java/VB.  Send  CV  to  Dorian 
Tool  International,  Attn:  HR,  615 
County  Rd  219,  East  Bernard, 
TX  77435.  Fax:  (979)  282-7006 
or  HR@Doriantool.com. 


Architect  to  lead  application  ar¬ 
chitecture  &  operational  deploy¬ 
ment  processes  to  ensure  effi¬ 
cient  use  of  system  resources  & 
meet  service  level  agreements 
for  performance/availability.  Will 
engage  in  Grid  Computing  (re¬ 
search/evaluation  of  emerging 
concept/technology),  Serve 
Consolidation  (evaluating  re¬ 
source  management  tools/ 
ThinkDynamics)  &  Autonomic 
Computing.  Research  &  recom¬ 
mend  application  of  appropriate 
standards,  methods,  vendor  pro¬ 
ducts,  tools  &  technologies.  I  d 
best  practices  &  technology  & 
recommend  process  improve¬ 
ment  strategy;  provide  expert 
tech  leadership  &  coach/mentor 
team  members  to  enhance  their 
tech  &  architectural  knowledge; 
serve  as  expert  tech  consultant 
&  provide  tech  leadership  to  snr 
management,  project  team 
members  &  functional  organiza¬ 
tions.  Devlpmnt  environments 
incl  Solaris,  AIX,  Linux,  Win¬ 
dows  NT/2000/XP,  J2EE/Web- 
sphere,  .NET,  ORacle,  DB2, 
SANs,  clustering,  system  &  net¬ 
work  management,  TCP/IP,  http, 
SSL,  XML,  SOAP,  MQSeries, 
TIBCo.  Will  also  research  &  ad¬ 
vise  on  appropriate  performance 
&  monitoring  tools  incl  Mercury 
Loadrunnner,  Radview  Web- 
Load,  BMC  Perform/Predict, 
Teamquest  &  Rational  Perform¬ 
ance  Studio.  No  degree  re¬ 
quired.  Candidate  must  have  5 
yrs  exper  in  Job  Offered  or  5  ys 
in  software  architecture  &  devel¬ 
opment,  incl  2  yrs  in  project 
management.  Cand  must  also 
possess  demonstrated  expertise 
in  the  following:  (1)  architecture 
&  performance  characterization 
of  enterprise/OLTP  financial  ser¬ 
vices  applications  -  incl  J2EE 
application  servers,  mainframe 
applications  &  rational  databas¬ 
es;  (2)  in  performing  component 
level  performance  characteriza¬ 
tion  of  financial  services  applica¬ 
tions,  incl  J2EE.  .NET  perfor¬ 
mance  analysis  &  framework 
compliance  &  architecture;  &  (3) 
in  characterizing  high  availability 
networks  &  network  application 
profiling  &  management,  incl 
performance  management  & 
security.  Sal:  $97,825/yr;  M-F, 
9A-5P.  Submit  2  copies  of  res¬ 
ume  to  Case  #:  200203508, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  fl,  Boston,  MA 
02114.  EOE.  Applicants  must  be 
U.S.  workers  eligible  to  accept 
full-time  employment  in  U.S. 


Teacher,  Comp.  Sci. 
sought  by  Computer 
School  for  post-sec.  stu¬ 
dents.  Must  have  Bach, 
in  C.S.  or  C.E.  plus  1  yr. 
teaching  or  comp, 
industry  exp.  Send 
resume  to  The  Boston 
Computer  School,  11 
Wadsworth  Way, 

Sharon,  MA  02067. 


IT  Education  &  Training  Directory 

Contact  the  companies  listed  below 

to  help  you  with  your  training  needs!  To  p|ace  your  gd  p|ease  ca||  800.762.2977 


IPexpert,  Inc.  jj|p 

CBT  Nuggets 

l  1  Transcender 

(866)  225-8064  |fg 

(888)  507-6283  &  (541)  284-5522 

l’  I  (615)  726-8779 

www.ipexpert.com 

www.  cbtn  uggets  .com 

:  1  www.transcender.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP,  |pf 

Affordable  training  videos  on  CD 

::  fl  Award-winning  practice  exams 

CCNP,  CCNA,  IP  Telephony  |Jg 

MCSE,  MCDBA,  MCSD,  CCNA, 

Citrix,  Linux,  A+,  Net  + 
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ENGINEER-NETWORK  ENGI¬ 
NEERING:  Analyze,  research, 
design  and  develop  solutions  for 
the  provisioning  aspects  of  com¬ 
plex  high  capacity  circuits  used 
in  the  planning  and  allocation  of 
telecom  infrastructure  facilities 
for  urban  and  suburban  central 
offices;  identify  and  recommend 
enhancements  to  high  capacity 
circuit  provisioning  processes 
and  procedures;  perform  web 
programming,  develop  web- 
based  reports  and  publish  on¬ 
going  results;  coordinate  func¬ 
tions  between  mechanized  sys¬ 
tems  and  input  relationships; 
consult  with  internal  subject 
matter  experts  and  external  ven¬ 
dors  to  provide  on-going  im¬ 
provements  and  report  docu¬ 
mentation,  definitions,  and 
methods  and  procedures  asso¬ 
ciated  with  high  capacity  circuit 
provisioning  processes.  Re¬ 
quires  Bachelors  degree  in  Elec¬ 
tronic  or  Electrical  Engineering 
plus  2  years  exp.  in  the  job 
offered  or  2  years  exp.  in  utiliz¬ 
ing  complex  high  capacity  circuit 
provisioning  processes  and  pro¬ 
cedures  in  the  planning  and  allo¬ 
cation  of  telecom  infrastructure 
facilities  for  urban  and  suburban 
central  offices.  Salary  $62,400/ 
yr;  40  hrs/wk;  Mon-Fri  8AM- 
5PM.  Job  is  located  in  Man¬ 
chester,  NH.  To  apply,  send  two 
(2)  copies  of  resume/letter  of 
application  to:  Job  Order  #2003- 
631,  P.O.  Box  989,  Concord,  NH 
03302-0989. 


Manager,  Corporate  Develop¬ 
ment:  Blackbaud  Inc.,  the 
leader  in  bringing  technology 
to  nonprofit  organizations  and 
educational  institutions,  is 
seeking  a  Manager,  Corpor¬ 
ate  Development  to  identify 
and  evaluate  new  opportuni¬ 
ties  for  expanding  or  diversify¬ 
ing  existing  software  and  ser¬ 
vices  business  to  identify  spe¬ 
cific  client  product  and  service 
needs  for  past,  current  and 
prospective  customers.  The 
candidate  will  conduct  qualita¬ 
tive  research  (industry  and 
client  interviews)  and  quanti¬ 
tative  analysis,  such  as  ad¬ 
vanced  financial  and  operat¬ 
ing  models,  market  opportuni¬ 
ties  and  short-  and  long-  term 
projections.  The  candidate 
will  forecast  financial  and 
operational  performance  of 
acquisition  candidates  and 
partnerships.  Position  re¬ 
quires  M.B.A.  in  Business, 
Finance  or  related  field  as 
well  as  two  years  experience 
(pre-  or  post-MBA)  as  a  Bus¬ 
iness  Associate  or  Business 
Analyst.  Experience  must  in¬ 
clude  advanced  financial 
modeling.  Interested  appli¬ 
cants  should  email  their 
resumes  to  recruiting@black 
baud.com  with  the  subject  line 
"Manager,  Corp  Dev.”  EOE. 


SR.  PROGRAMMER/ANALYST 

Analysis  and  design  of  Oracle 
database  using  UML,  OOAD 
and  Rational  Rose  methodolo¬ 
gies  and  implementing  business 
rules  using  stored  Procedures 
and  triggers.  Migrating  part  of 
business  logic  from  stored 
Procedures  in  Oracle  database 
to  Delphi.  Application  develop¬ 
ment  using  Borland  Delphi  and 
Empower.  Generating  technical 
reports  using  Crystal  Reports. 
Developing  web  and  distributed 
applications  using  Java,  J2EE, 
SOAP,  Webservices,  UDDI, 
WSDL,  Struts,  XML,  XSL,  CSS. 
HTML,  UNIX,  JSP,  Websphere 
and  Weblogic  technologies.  De¬ 
veloping  windows  based  appli¬ 
cations  using  C++,  VC++  and 
VB  in  Windows2000  and  Win¬ 
dows  NT  platforms.  Writing 
SQL.  PL/SQL  and  dynamic  SQL 
Statements  in  Oracle,  SQL  serv¬ 
er  and  Informix  databases.  8:00 
a.m.  to  5:00  p.m.,  40  hrs/wk, 
$55, 000/year,  Bachelor's  de¬ 
gree  in  Computer  Science  or 
Engineering.  Must  have  proof  of 
legal  authority  to  work  in  the 
United  States.  Send  your  res¬ 
ume  to  the  Iowa  Workforce 
Center,  590  Iowa  Street 
Dubuque,  IA  52004-0757. 
Please  refer  to  Job  Order 
#IA1101828.  Employer  paid 
advertisement. 


Java  Programmers 

Conseco  has  positions  for  pro¬ 
grammers  to  plan,  develop,  test, 
and  document  computer  pro¬ 
grams,  applying  knowledge  of 
programming  techniques  and 
computer  systems  for  informa¬ 
tion  systems  department  includ¬ 
ing  testing,  analyzing,  program¬ 
ming,  and  documentation  of 
code,  and  problem  solving, 
interfacing  to  a  variety  of  sys¬ 
tems  including  mainframe,  UNIX 
and  client  server  applications 
and  using  Java,  WebSphere, 
JSP,  BJB,  JDBC,  Microsoft 
Office  applications,  UNIX/AIX, 
SQL,  and  File  Transfer 
Protocols,  creating  servlets  to 
interact  with  MQ  Series  plat¬ 
forms  MDp  clips  on  MainFrames 
and  Oracle  databases  on  UNIX 
systems.  Candidates  must  have 
a  bachelor's  degree  in  computer 
science  or  related  field. 
Candidates  must  be  authorized 
to  work  permanently  in  the 
United  States.  Please  send 
resume  to:  Bernard  Hodes 
Group  Reply  Service,  #81943, 
8440  Woodfield  Crossing,  Suite 
290,  Indianapolis,  IN  46240.  No 
phone  calls,  please.  An  equal 
opportunity  employer. 

Senior  Software  Engineer  (Man¬ 
chester  Center,  VT):  Maintain  & 
enhance  the  company’s  Virtual 
Screen  Module  toolkit  for  Win98, 
WinNT4,  Win2000  &  Windows 
XP  based  on  off-screen-model 
techniques;  enhance  to  support 
right-to-left  languages;  design  & 
develop  a  screen  magnifier  with 
capability  to  double  as  a  screen 
reader;  design  &  develop  a 
standalone  screen  reader  using 
concepts  and  code  for  Braille 
input  &  output  as  well  as  naviga¬ 
tion  strategies  for  mixed  Braille, 
Speech  &  enlarged  screen  out¬ 
put;  maintain  the  Co.'s  applica¬ 
tion  access  concept  based  on 
hooking  &  interfacing  to  applica¬ 
tion  specific  object  models; 
enhance  the  concept  by  design¬ 
ing  new  APIs  to  provide  support 
for  embedded  documents  &  for 
advanced  document  navigation. 
Min.  req's:  bachelor's  in  Comp 
Sci,  EE,  or  rel.  field,  plus  5  yrs. 
exp.  in  position  involving  the 
development  of  screen  reading 
software  &  off-screen  model 
databases.  Must  have  knowl¬ 
edge  of  the  accessibility  indus¬ 
try.  M-F,  8:30-5pm,  40  hrs/wk. 
Salary  range:  $100-$150K.  An 
EOE.  Send  2  copies  of  resume 
to  Job  No.  612547,  P.O.  Box 
488,  5  Green  Mountain  Drive, 
Montpelier,  VT  05401. 

Smart  IMS,  growing  Software 
Consulting  &  Development 
Company  is  looking  for  Com¬ 
puter  Professionals  with  MS/BS 
in  computers  or  related  with  at 
least  2  to  4  years  experience  in 
applications  Development.  Ex¬ 
perience  with  the  following  skills 
or  a  combination  thereof:  VB, 
ASP,  Microsoft  Technologies 
(ASP.Net,  VB.Net,  C#),  XML, 
XSL,  Java, JSP, J2EE,  Bus¬ 
iness  Objects,  COM/DCOM, 
Lotus  Domino,  RUP, Rational 
Suite,  Test  Director,  Winrun- 
ner,  Informix,  Oracle  8i,  DB2, 
Unix  Korn  Shell  Scripting,  So¬ 
laris, UNIX,  Windows  NT/2000, 
MVS,  Software  Testing  Method¬ 
ologies,  iPlanet,  Apache  Web 
Sphere  and  Weblogic  (Portals 
and  Application  Servers).  Must 
be  willing  to  travel/relocate  to 
different  client  sites  throughout 
the  United  States.  Please  email 
Resumes  to  jobs@smartims 
.com  or  mail  to  Smart  IMS  Inc., 
3221  DeCoursey  Ave, 

Covington,  KY  41015. 

Senior  Staff  Embedded  Soft¬ 
ware  Engineer  -  Development  - 
Req.  Master’s  degree  or  higher 
(or  equiv.  foreign  educ.)  in 
Electrical  or  Electronics  Eng.  &  3 
years'  exp.  in  the  job  offered  or  3 
years'  exp.  in  testing  &  trou¬ 
bleshooting  of  MPEG  encoding 
&  decoding  software  on  a  driver 
level.  All  stated  experience 
must  include  each  of  the  follow¬ 
ing:  sustaining  DMA  driver  soft¬ 
ware;  testing  of  set-top  drivers 
on  SPARC-based,  multimedia 
RTOS-driven  systems;  &  testing 
of  real-time  embedded  multime¬ 
dia  operating  systems  including 
QAM  &  QPSK  in  a  broadband 
network.  Lead  conceptualiza¬ 
tion,  definition,  &  design  of 
Digital  Video  Audio  Decoder  dri¬ 
vers  to  accommodate  and 
resolve  issues  identified  through 
testing  &  troubleshooting  of 
MPEG  encoding  &  decoding 
software  on  a  driver  level.  40 
hrs./wk.  8:00  a.m. -5:00  p.m. 
Apply  with  resume  to:  Scientific- 
Atlanta,  Inc.,  do.  Ellen  Queen, 
5030  Sugarloaf  Parkway, 
Lawrenceville,  GA  30042. 
Please  reference  job  #7500. 

A  position  is  available  for  an 
Application  Analyst  in  Indianap¬ 
olis,  Indiana.  The  Application 
Analyst  will  be  primarily  re¬ 
sponsible  for  providing  tele¬ 
phonic,  e-mail,  and  web-based 
technical  assistance  to  domes¬ 
tic  and  international  computer 
system  users;  troubleshooting 
and  resolving  computer  prob¬ 
lems  for  end  users;  and  con¬ 
ducting  testing  and  research  in 
product  functionality  and  quali¬ 
ty  in  domestic  and  international 
operating  environments.  Candi¬ 
dates  for  this  position  should 
possess  a  Bachelor's  degree  in 
a  computer  field  and  at  least 
two  years'  experience  in  trou¬ 
ble-shooting  customer  issues 
including  issues  related  to 
international  operating  environ¬ 
ments;  set-up  of  international 
operating  environments  for  use 
in  support  and  quality  assur¬ 
ance  testing;  and  restoration  of 
corrupt  customer  data  and 
diagnosis  of  causes.  Apply  by 
mail  to:  Keith  Soles,  Mapics 
Inc.,  1000  Windward  Con¬ 
course  Parkway,  Suite  100, 
Alpharetta,  Georgia  30005. 

Programmer/Analyst:  Analyz¬ 
es,  designs,  develops,  tests, 
modifies,  programs  and  main¬ 
tains  customized  software  appli¬ 
cations  using  J2EE,  BC4J, 
Rational  Suite  Webservices 
(SOAP),  Weblogic,  Oracle  and 
related  technologies.  Formu¬ 
lates  program  and  system  de¬ 
sign  procedures,  test  plans,  and 
program  development  specifica¬ 
tions.  Prepares  technical  docu¬ 
mentation.  May  serve  as  a  team 
leader.  Must  have  BS  or  equiva¬ 
lent  in  CS/Math/Engineering  or 
related.  Must  have  2  yrs  exp.  in 
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equivalent  to  a  U.S.  bachelor's 
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sites  throughout  the  State  of  ME 
and  NH.  Salary:  $74,000/yr.  Hrs: 
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Bureau  of  Labor  Standards,  45 
State  House  Station,  Augusta, 
Maine,  04333-0045  Please  refer 
to  Job  Order  #43735  for 
Programmer/Analyst. 
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Software  Engineer  -  Research, 
design  &  develop  computer  soft¬ 
ware  systems  by  applying  princi¬ 
ples  &  techniques  of  comp  sci, 
engineering  &  mathematical 
analysis;  analyze  software 
requirements  to  determine  feasi¬ 
bility  of  design  within  time  &  cost 
constraints,  among  other  duties. 
Reqs:  Master's  degree  in  Comp 
Sci,  MIS.  Engg,  Math  or  Tech  or 
foreign  equiv.  1  yr  exp  in  job 
offered  or  1  yr  exp  in  related 
occupations  of  Programmer 
Analyst,  Programmer,  Systems 
Analyst,  Consultant  or  Engineer. 
Alternatively,  employer  will 
accept  a  Bachelor’s  degree  plus 
5  yrs  progressive  work  exp  in 
computer  field.  Exp  must  involve: 
Oracle.  Unix,  Java  &  XML.  Must 
be  willing  to  travel  to  worksites 
nationally.  40  hr/wk.  Fax  resume 
to  UIS  Consulting  Services,  LLC, 
(w/offices  in  Fishers,  IN  &  West 
Windsor,  NJ),  HR  Dept,  at  (317) 
841-3997. 


SOFTWARE  ENGINEERS 
needed:  Several  Sr.  and  Mid 
Level  positions  available  for 
qualified  candidates  possess¬ 
ing  MS/BS  or  equivalent  in 
Comp  Sci  or  in  Engineering 
field  &  relevant  work  experi¬ 
ence.  Work  with  SAP  R/3, 
ABAP,  BAPI  ABAP,  Report 
Writer,  Report  Painter,  EDI/ 
ALE  I  DOCS,  Workflow,  SAP- 
OFFICE  and  other  software 
tools.  Plan  enterprise-wide 
systems  and  design  solutions. 
Develop  Interfaces.  Generate 
Reports.  Provide  knowledge 
transfer  to  clients.  Prepare  and 
execute  test  plans.  Job  in 
Milwaukee,  Wl  and  other  loca¬ 
tions.  Multiple  positions.  Send 
resume  to  US  Professionals 
LLC,  M.L.  King  Dr.,  Ste#160, 
Chicago,  IL  60616-4108  or 
jobs@uspcorp.com  or  fax  @ 
800-753-1717. 


Programmer/Analyst:  Analyze, 
design,  develop,  test,  implement 
and  maintain  customized  soft¬ 
ware  applications  in  a  client/ 
server  environment  using  Visual 
Basic  and  Access  technologies. 
May  be  used  on  multi-tier  sys¬ 
tems  related  to  Internet/Intranet/ 
E  Commerce.  May  have  addi¬ 
tional  database  administration 
responsibilities.  Must  have 
Bachelors  or  equivalent  in 
Computer  Science,  CIS,  Math, 
Engineering  or  related.  Must 
have  2  yrs  exp.  in  job  offered  or 
in  Software  Development  using 
Visual  Basic  and  Access.  Must 
be  willing  to  be  assigned  to 
unanticipated  client  sites 
throughout  the  United  States. 
Salary:  $73,500/yr.  Hrs:  8:00am- 
5:00pm.,  40hr/wk.  Please  send 
2  copies  of  resume  to:  Case 
#200203521,  Labor  Exchange 
Office,  19  Stamford  St.,  1st  FI., 
Boston,  MA  02114. 


Senior  Consultant.  Software 
analysis  &  development  for  busi¬ 
ness  processes.  Technical 
Environment:  Java;  XML;  XSLT; 
Oracle;  EJB;  Websphere; 
WSAD;  DB2;  JMS;  Rational 
Rose.  Bachelor's  degree  in 
Comp.  Sci.  or  Eng.*  +  2  yrs  exp 
in  job  offered  or  as  Software 
Consultant,  Technical  Inte¬ 
gration  Expert,  or  Programmer 
Analyst  req'd.  ('Bachelor's 
degree  in  any  engineering  field 
also  acceptable).  Previous  exp 
must  include:  Java;  XML; 
Oracle.  40  hrs/wk,  $66,000/yr. 
Must  have  proof  of  legal  author¬ 
ity  to  work  in  the  US.  Send 
resume  to  Iowa  Workforce 
Center,  215  Watson  Powell  Jr. 
Way,  Des  Moines,  IA  50309- 
1727.  Refer  to  JO#:  IA1101832. 
Employer  pd  ad. 


Software  Engineer:  Several  Sr. 
and  Mid  Level  positions  avail¬ 
able  for  qualified  candidates  po¬ 
ssessing  MS/BS  or  equivalent  in 
Comp  Sci  or  in  Engineering  field 
&  relevant  work  experience  in 
Enterprise  Application  Integra¬ 
tion  (EAI),  Webmethods,  J2EE, 
Business  Process  Automation/ 
Work  flow  and  Client  Server 
Applns  using  Java,  C++,  XML, 
Vitria  BusinessWare,  BEA  Web- 
Logic,  IBM  MQ  Series, Visual 
Basic,  CORBA,  COM/DCOM, 
ANT,  JNDI/LDAP,  Oracle,  DB2, 
Sybase  and  various  other  data¬ 
bases.  Requires  good  under¬ 
standing  of  design,  dvlpmt  &  de¬ 
ployment  of  various  Connectors/ 
Adopters  for  appln  integration 
and  process  on  Windows,  Unix 
and/or  platforms.  Job  in  Milwau¬ 
kee,  Wl  and  other  locations. 
Competitive  salary.  Apply:  HR, 
U.S.  Professionals,  LLC,  3473 
S.  M.L.  King  Dr.,  Ste#160, 
Chicago,  IL60616-4108  or  fax  at 
800-753-1717. 
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Continued  from  page  1 

Merrill  Lynch 

But  the  idea  is  to  add  a  layer  of 
abstraction  that  creates  one 
logical  storage  fabric,  with  nu¬ 
merous  virtual  SANs  dedicat¬ 
ed  to  individual  business  units. 

That  would  let  the  business 
units  share  storage  resources, 
“but  not  have  one  SAN  that’s 
impacting  all  the  other  SANs,” 
Myrick  said.  In  addition,  stor¬ 
age  administrators  could  make 
changes  to  one  of  the  logical 
zones  in  the  SAN  infrastruc¬ 
ture  without  affecting  the  per¬ 
formance  and  reliability  of  the 
others,  he  said. 

Colin  Gibson,  who’s  in 
charge  of  infrastructure  and 
data  services  at  Merrill  Lynch, 
said  the  storage  pooling  en¬ 
abled  by  the  virtualization  plan 
could  also  help  ensure  that  the 
company’s  disk  arrays  aren’t 
sitting  idly  if  users  don’t  need 
the  full  capacity  assigned  to 
them.  “We  run  at  a  high  utiliza¬ 
tion  rate  now,  but  we  could  run 
even  higher,”  Gibson  said.  “We 
want  to  consistently  be  at  90%. 
That’s  a  good  number  to  be  at, 
because  it  doesn’t  allow  assets 
on  the  floor  to  remain  unused.” 

Myrick  and  Gibson  said 
plans  for  the  SAN  virtualiza¬ 
tion  project  likely  will  be  so¬ 
lidified  by  year’s  end.  They 
declined  to  comment  on  the 
expected  cost,  other  than  to 
say  it  would  run  into  the  mil¬ 
lions  of  dollars. 

Data  security  concerns  will 
be  a  high  priority,  they  noted. 
Merrill  Lynch  currently  has 
500TB  of  storage  capacity 
spread  across  16  SANs  at  sev¬ 
eral  data  centers  in  the  New 


Correction 

The  last  name  of  John  Matelski, 
deputy  CIO  for  the  city  of  Orlando 
and  a  member  of  the  Quest  user 
group’s  board,  was  misspelled  in 
a  story  that  began  on  Page  One 
in  last  week’s  issue  (“PeopleSoft 
at  Odds  With  J.D.  Edwards  User 
Group"). 


York/New  Jersey  region.  Once 
the  SANs  can  share  data 
through  the  switches,  business 
units  will  have  to  be  restricted 
from  seeing  one  another’s 
data.  “We’ll  be  very  selective 
with  the  [data]  we’re  putting 
across  the  virtual  SAN,” 
Myrick  said. 

Merrill  Lynch  is  “far  ahead” 
of  most  users  in  addressing 
SAN  consolidation,  said  Steve 
Duplessie,  an  analyst  at  Enter¬ 
prise  Storage  Group  Inc.  in 
Milford,  Mass.  But,  he  added, 
many  large  companies  are 
running  into  the  same  prob¬ 
lems  that  Merrill  Lynch  is  — 
the  number  of  SANs  they  have 
installed  is  growing  out  of 


BY  LUCAS  MEARIAN 

variety  of  storage 
vendors  are  testing 
products  that  could 
double  the  through¬ 
put  of  Fibre  Channel  storage- 
area  networks  (SAN)  and  net- 
work-attached  storage  (NAS) 
devices  from  the  current 
2Gbit/sec.  rate. 

The  faster  4Gbit/sec.  stan¬ 
dard  was  approved  in  June  by 
the  Fibre  Channel  Industry 
Association,  but  vendors  wait¬ 
ed  to  develop  the  technology 
because  of  a  slumping  market. 
Now,  makers  of  Fibre  Channel 
host  bus  adapters  (HBA), 
switches  and  disk  drives  say 
that  devices  adhering  to  the 
new  standard  are  on  the  hori¬ 
zon  and  will  cost  roughly  the 
same  as  or  a  little  more  than 
2Gbit/sec.  hardware. 

Some  vendors  are  also  look¬ 
ing  to  release  products  with 
lOGbit/sec.  capabilities.  But 
some  IT  managers  last  week 


Merrill  Lynch’s  SAN 
Installation  includes: 

■  About  500TB  of  capacity  on  16 
SANs  in  multiple  data  centers. 

■  A  combined  total  of  61  Brocade 
SilkWorm  12000  switches. 

■  More  than  1,500  switch  ports 
on  some  of  the  larger  SANs. 


control,  and  performance  and 
resource  utilization  rates  are 
taking  a  hit. 

“Twenty  years  ago,  you  had 
the  same  problem  with  LANs,” 
Duplessie  said.  “You  had  all 
these  little  workgroup  LANs 
that  needed  to  be  combined.” 


said  they  may  not  be  able  to 
benefit  from  the  Fibre  Chan¬ 
nel  performance  boosts  at  this 
point  because  of  server  and 
tape  drive  I/O  bottlenecks. 

Gary  Pilafas,  senior  storage 
and  systems  architect  at  UAL 
Loyalty  Services  Inc.  in  Ar¬ 
lington  Heights,  Ill.,  said  that 
even  if  4Gbit/sec.  products 
cost  no  more  than  his  existing 
ones,  he’s  wary  about  in¬ 
stalling  them  on  his  SAN.  The 
application  servers  that  the 
United  Air  Lines  Inc.  sub¬ 
sidiary  backs  up  across  its  Fi¬ 
bre  Channel  network  couldn’t 
take  advantage  of  the  faster 
network  speeds,  said  Pilafas. 

“You’d  saturate  your  [serv¬ 
er]  host  bus  long  before  you’d 
saturate  a  1-  or  2Gbit  connec¬ 
tion,”  Pilafas  said.  UAL  could 
use  the  speedier  throughput 
only  if  he  connected  its  Hi¬ 
tachi  Data  Systems  Corp.  disk 
arrays  directly  to  its  Storage 
Technology  Corp.  tape  library, 


Now,  he  added,  IT  managers 
“need  one  big  SAN  that  they 
can  manage  as  microscopical¬ 
ly  as  they  can,  as  opposed  to  a 
bunch  of  little  SANs.” 

Merrill  Lynch  primarily 
uses  director-class  storage 
switches  made  by  Brocade 
Communications  Systems  Inc., 
and  Myrick  said  he  would  like 
to  stick  with  the  San  Jose- 
based  vendor.  But  Brocade  has 
yet  to  build  an  intelligent 
switch  that  supports  data  rout¬ 
ing  between  servers  on  differ¬ 
ent  SANs.  That’s  one  reason 
Merrill  Lynch  is  biding  its 
time,  Myrick  said.  Funding  is¬ 
sues  are  another. 

“We’re  really  looking  to 


he  added.  But  StorageTek  has 
yet  to  announce  support  for 
4Gbit/sec.  Fibre  Channel. 

Another  IT  manager,  who 
works  at  a  large  Midwestern 
insurance  company  and  asked 
not  to  be  identified,  also  said 
that  replacing  2Gbit/sec.  Fibre 
Channel  equipment  with 
4Gbit/sec.  devices  isn’t  an  at¬ 
tractive  option  now.  “If  a  tape 
drive  can  only  produce  20MB/ 
sec.  throughput,  doubling  the 
speed  of  the  Fibre  Channel 


UPCOMING  PRODUCTS 


BROCADE:  Plans  to  begin 
testing  4Gbit/sec.  and  10Gbit/ 
sec.  switches  with  makers  of 
storage  devices  in  2005. 

McDATA:  Is  developing  4Gbit/ 
sec.  director-class  switches 
for  release  in  2005. 

ADVANCED  DIGITAL  INFOR¬ 
MATION  CORP.:  Will  begin  offer¬ 
ing  tape  libraries  with  4Gbit/ 
sec.  technology  by  year’s  end. 

QLOGIC  CORP.:  Expects  by 
midyear  to  ship  4Gbit/sec. 

HBAs,  plus  switches  supporting 
that  rate  as  well  as  lOGbit/sec. 


vendors  to  supply  us  with  so¬ 
lutions  that  will  be  reliable, 
fault-tolerant  and  resilient  and 
will  work  on  the  scale  we  need 
them  to  work,”  Myrick  said. 

Merrill  Lynch  is  also  explor¬ 
ing  the  idea  of  deploying  in¬ 
formation  life-cycle  manage¬ 
ment  tools.  Ultimately,  Myrick 
said  he  would  like  to  be  able 
to  have  systems  fail-over  be¬ 
tween  the  company’s  two 
main  data  centers  so  that  both 
can  function  as  disaster  recov¬ 
ery  sites.  O  44125 


MORE  THIS  ISSUE 

Three  case  studies  show  how  a  unified  view 
of  storage  resources  can  reduce  application 
downtime  and  save  money.  PAGE  27 


port  the  tape  drive  is  connect¬ 
ed  to  doesn’t  increase  the 
throughput,”  he  said. 

Steve  Kenniston,  an  analyst 
at  Enterprise  Storage  Group 
Inc.  in  Milford,  Mass.,  said  the 
move  from  2Gbit/sec.  Fibre 
Channel  to  4Gbit/sec.  is  com¬ 
parable  to  the  jump  from  Intel 
Corp.’s  Pentium  III  processors 
to  the  Pentium  4  line.  Migrat¬ 
ing  to  lOGbit/sec.  products 
would  be  “a  quantum  leap”  for 
users,  he  added. 

San  Jose-based  Hitachi 
Global  Storage  Technologies 
Inc.  this  month  announced 
plans  to  begin  joint  testing  of 
4Gbit/sec.  disk  drives  with 
storage  vendors  and  added 
that  it  expects  those  devices  to 
be  generally  available  by  2005. 

Vendors  such  as  Brocade 
Communications  Systems  Inc. 
and  McData  Corp.  have  said 
they  plan  to  offer  devices  sup¬ 
porting  the  faster  speeds  later 
this  year  or  in  2005  (see  box). 
However,  some  companies  re¬ 
main  cautious  about  support¬ 
ing  the  new  technology. 

For  example,  a  spokesman 
for  Cisco  Systems  Inc.  said  it 
has  no  immediate  plans  to 
support  4Gbit  Fibre  Channel 
in  its  SAN  switch  portfolio.  He 
added  that  Cisco  could  add 
4Gbit/sec.  capabilities  “if 
strong  market  demand  re¬ 
quires  us  to  do  so.”  O  44043 


Faster  Storage  Devices 
Coming,  but  Not  for  All 

Server  bottlenecks  could  limit  Fibre 
Channel  performance  for  some  users 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 

Save  the  Coders 

IF  YOU  HAD  ANY  DOUBTS  about  the  effects  of  offshoring  on 
IT  pay,  you  can  stop  doubting.  According  to  a  January  report 
from  Foote  Partners,  the  bonuses  that  programmers  once  re¬ 
ceived  for  specialized  knowledge  are  evaporating  —  off  25% 
over  the  past  two  years  and  still  sinking.  Yes,  things  are  tough 
all  over,  but  the  numbers  for  application  development  are  much 
worse  than  the  average  for  IT  specialties  —  and  the  app  dev  falloff 
coincides  with  the  uptick  in  offshore  outsourcing  of  many  software 
projects.  For  programmers,  it’s  starting  to  look  like  the  end  for  big 
paydays  —  and  maybe  for  any  paydays  at  all. 


Of  course,  hot  IT  specialties  come  and  go. 

The  Foote  Partners  survey  says  bonuses  are  go¬ 
ing  up  for  skills  in  Linux,  WebSphere,  Gigabit 
Ethernet,  voice  over  IP  and  XML.  Security  and 
project  management  look  strong,  too.  For  IT 
workers  who  want  to  chase  a  new  specialty 
that’s  on  the  rise,  those  are  the  categories 
where  training  and  certification  will  pay  off. 

But  not  programming.  Not  even  specialties 
like  rapid  application  development  and  extreme 
programming,  which  have  been  hot  stuff  in  re¬ 
cent  years.  Now  they’re  cooling  off,  according 
to  the  Foote  survey. 

It’s  a  matter  of  supply  and  demand.  There  are 
lots  of  programmers  out  there  —  and  with  off¬ 
shoring,  “out  there”  gets  bigger  every  day.  With 
that  much  supply,  programming  skills  can’t 
command  the  extra  money  they  once  did. 
They’re  a  commodity,  and  they’re  likely  to 
keep  getting  cheaper. 

If  you’re  a  programmer,  that  should  make 
you  worried. 

If  you’re  an  IT  manager,  you  should  be  wor¬ 
ried,  too.  On  the  one  hand,  you  can’t  afford  to 
keep  a  lot  of  expensive  commodity  program¬ 
mers  on  staff.  On  the  other,  some  of  those  pro¬ 
grammers  know  your  systems  — 
and  your  business  —  intimately. 

And  that  knowledge  can  make  a 
huge  difference  in  the  business  val¬ 
ue  your  IT  shop  can  deliver.  It’s  an 
asset  you  can  ill  afford  to  lose. 

But  as  long  as  you  keep  defining 
what  those  programmers  do  in 
terms  of  purely  technical  skills, 
there’s  no  business  justification  for 
keeping  them  around. 

That  means  it’s  time  to  start  re¬ 
defining  your  programmers. 

Not  just  renaming  them  all  as  “an 
alysts,”  or  prettying  up  their  job  de- 
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scriptions  with  businessy  jargon.  But  actually 
redefining  what  they  do  in  the  context  of  your 
business  organization. 

You  can’t  afford  programmers  who  are  just 
good  at  writing  code.  What  you  want  your  pro¬ 
grammers  to  do  is  to  understand  your  business 
processes  —  and  how  to  use  software  to  auto¬ 
mate,  streamline  and  even  revolutionize  those 
processes. 

Nothing  commodity  about  that,  is  there?  It’s 
specific  to  your  business  organization,  and  it’s 
right  in  line  with  the  IT  department’s  core  val¬ 
ue  proposition  of  using  technology  to  help  the 
business  run  better.  It’s  the  high-value  part  of 
programming. 

You  can  afford  to  keep  programmers  like  that. 
In  fact,  you  can’t  afford  not  to  keep  them. 

Will  that  redefinition  of  the  programmer’s 
job  leave  more  than  a  few  of  your  programmers 
behind?  Sure.  Some  will  lack  the  ability  to  think 
in  business  terms.  Others  simply  won’t  want  to 
—  they  just  love  coding  and  aren’t  interested  in 
business  processes.  You’ll  lose  those  people. 

You  were  bound  to  lose  them  anyway,  as  their 
work  turned  into  a  commodity. 

But  the  ones  who  make  the  cut  will  be  per¬ 
fectly  positioned  to  let  your  IT 
shop  deliver  real  value  to  your 
company  —  and  make  the  business 
more  efficient  and  effective. 

And  they’ll  serve  as  the  model 
for  how  you’ll  deal  with  the  next 
wave  of  technology  that  gets  com¬ 
moditized  and  offshored  —  and 
how  you  can  turn  the  next  group  of 
pure  techies  you  can’t  afford  to 
keep  into  business  technologists 
you  can’t  afford  to  lose. 

And  on  payday,  you  and  your  IT 
staffers  will  have  a  lot  less  reason 
to  be  worried.  O  44082 


That  Should  Speed  Things  Up 

Newly  hired  programmer  pilot  fish  at  this  small  in¬ 
surance  company  can't  help  noticing  the  behavior 
of  his  programmer  co-worker.  Not  only  does  the  co¬ 
worker  keep  odd  hours;  he  often  doesn’t  show  up  for 
work  at  all.  Result;  Co-worker  has  a  project  that  looks 
like  it  will  take  twice  as  long  as  it  should  to  complete. 
Why  is  he  allowed  to  get  away  with  this?  baffled  fish 
asks  boss.  “He’s  not.”  boss  says.  “I've  told  him  that 
as  soon  as  he’s  finished  with  the  project  he’s  working 
on.  he’s  fired.” 

Just  Like 

.  SHARK 

Only  the  CEO  at  TAIII# 
this  financially  I  All 
struggling  com¬ 
pany  uses  a  BlackBerry, 
says  the  IT  pilot  fish  who 
supports  it.  But  the  VP 
of  IT  insists  he  needs 
one  too  -  “to  use  on  a 
regular  basis”  and  so  he 
can  back  up  fish  in  sup¬ 
porting  the  CEO.  “So  we 
spend  hundreds  of  dol¬ 
lars  to  get  him  one  and 
pay  $100  a  month  for 
the  voice  and  data  plans 
that  match  his  projected 
usage,”  says  fish.  After 
eight  months,  curious 
fish  checks  the  invoices 
for  the  VP’s  BlackBerry 
service.  “Grand  total  of 
use:  three  minutes,”  he 
sighs.  “And  that  was 
from  when  I  was  testing 
the  device  before  giving 
it  to  the  VP." 


and  call  the 
manager  to  say 
he  can  return 
home.  “At  our 
next  company 
meeting,  the  managers 
tell  everyone  how  re¬ 
sourceful  we  were  and 
call  us  up  for  a  small 
award,”  fish  reports. 

“We  are  each  given  a 
pair  of  handcuffs  -  and 
told,  ‘Good  job,  but  don’t 
do  that  again.’  ” 


A  Little  Too 
Resourceful 

Consultant  pilot  fish  and 
his  team  are  working 
late  one  evening  when 
everything  stops.  Their 
server  has  died  -  and  it’s 
behind  two  locked  doors. 
While  they  wait  for  the 
system  manager  to  ar¬ 
rive  to  restart  the  server, 
they  find  a  key  to  the 
outer  door.  Then  they 
jimmy  the  server  room 
door  with  a  knife,  reboot 
the  server  themselves 


So  Helpful 

This  company  is  switch¬ 
ing  VPNs,  so  the  IT  de¬ 
partment  sends  an 
e-mail  to  users  with  a 
button  indicating  that 
clicking  it  will  download 
an  8MB  file.  “I  wanted 
to  test  this  before  I  in¬ 
stalled  it  on  my  home 
system,”  says  IT  pilot 
fish.  “So  I  clicked,  and 
without  any  user  inter¬ 
vention,  it  installed  itself 
and  rebooted  my  PC.” 
Which  knocks  out  fish’s 
existing  network  config¬ 
uration.  And  uninstalling 
doesn’t  help.  While  re¬ 
imaging  fish’s  hard 
drive,  tech  admits  this 
happened  when  the 
client  software  was  test¬ 
ed,  too.  What  if  it  does 
this  to  my  home  system? 
fish  demands.  “Oh,  we 
don’t  support  those,” 
says  tech.  “You’ll  have  to 
reinstall  the  whole  OS 
yourself.” 


OFEED  THE  SHARK!  Send  your  true  tales  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 


HOW  CLOSE  ARE  YOU  TO  THE 
NEXT  GENERATION  OF  NETWORKING? 

THE  ANSWER  IS  JUST  BENEATH  THE  SURFACE 

Within  your  desktops,  notebooks,  switches  and  servers  are  chips  enabling  your  business  to  operate  in  real  time,  delivering  Gigabit 
speed  both  reliably  and  securely.  When  the  top  10  computer  and  networking  equipment  brands  need  unsurpassed  performance,  they 
turn  to  us.1  Broadcom®  chips  are  two  to  three  times  faster  than  the  closest  competitor’s  in  delivering  network  throughput  on 
your  demanding  applications.2  Whether  you’re  wired  or  wireless,  networking  hardware  built  with  Broadcom  technology  ensures 
the  devices  you  use  today— as  well  as  those  you  add  tomorrow— will  connect  easily  and  seamlessly  across  air,  fiber  and  copper. 


Learn  how  building  upon  Broadcom®  chips  end-to-end 
can  provide  you  with  faster  network  performance. 
Download  the  latest  update  of  our  new  e-book 
“Architecting  Next-Generation  Networks’’  now  at 

www.computerworld.gobroadcom.com/ebook 
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NeiXtreme-  are  trademarks  ol  Broadcom  Corporation  and/or  Its  subsidiaries  In  the  United  States 
and  certain  other  countries.  All  other  trademarks  are  the  property  ot  their  respective  owners. 
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Oracle  And  HP  Run 

1.18  Million 

Transactions  Per  Minute  On  Linux 


Benchmarks  prove  it— Linux  is  enterprise  ready. 
Oracle  Database  lOg  with  Red  Hat  Linux  on  a  cluster 
of  HP  Integrity  servers  with  Itanium®  2  processors 
hit  a  record  1.18  million  transactions  per  minute. 
Spend  less.  Run  faster. 


oracle.com 

or  call  1.800.633.0753 


Transaction  Processing  Council  (TPC),  www.tpc.org. 

As  of  December  8,  2003:  Sixteen-node  HP  Integrity  rx5670  server  cluster,  each  with  4  Intel®  Itanium®  2  1.5  GHz  processors, 

1,184,893.38  tpmC,  $5.52/tpmC,  available  April  30,  2004. 
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